As if we didn’t already have enough to worry about, now faceless hackers can possibly take control of our anesthesia machines! In a scenario which sounds like it was dreamed up by a novelist, The Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) issued a warning saying that certain GE Healthcare anesthesia machines have the ability to be hacked remotely, according to an article written in Fox News.
The specific devices GE Aestiva and Aespire Versions 7100 and 7900 can apparently be hacked not to steal data but to alter the amount of anesthetic agent delivered or stop a respiratory device. The article notes that the devices received a vulnerability score of v3 5.3, or moderate severity. Jon Rabinowitz of CyberMDX takes issue with the rating. He notes that when these devices were first being designed cybersecurity and cyberhacking were not vulnerabilities that were being focused on, and that the scoring system does not account for the potential patient risk. If adjusted for these factors he feels the GE machine vulnerability should be scored as critical. GE Healthcare also issued a statement acknowledging that there is a potential to hack the devices however, after conducting an internal risk investigation determined there was no clinical hazard or direct patient risk.
Dr. Howard Greenfield is a board-certified anesthesiologist with expertise in cardiac anesthesia, pain management, and healthcare consulting. A founding partner of Sheridan Healthcare, he led anesthesia operations at Memorial Regional Hospital and helped establish trauma and pediatric programs. He later served as VP of Business Development at Sheridan, expanding services nationally. In 2009, he co-founded Enhance Healthcare Consulting, where he’s spent over 13 years leading anesthesia and perioperative improvement initiatives across the U.S. with a data-driven, strategic approach.