FDA Recalls Certain GE Healthcare Imaging Viewers Over Potential Cyber Vulnerability
What Happened
The U.S. Food and Drug Administration issued a Class 2 recall for specific versions of GE HealthCare’s Centricity Universal Viewer (software 5.0 SP6‑SP7.1). The recall cites a potential cybersecurity flaw that could expose user login credentials on the local workstation, allowing an attacker with physical access to manipulate imaging data or disrupt system availability. GE has provided interim mitigation steps and will issue a permanent fix at no cost.
Why It Matters for TPRM
- A vulnerability in a medical‑device imaging platform can translate into data integrity and availability risks for any organization that relies on GE Imaging products.
- The recall underscores the need for continuous monitoring of vendor‑issued security advisories, especially for Class 2 medical devices that impact patient care.
- Physical‑access‑based exploits highlight gaps in endpoint hardening and network segmentation that third‑party risk programs must address.
Who Is Affected
- Hospitals, radiology clinics, and outpatient imaging centers using the affected Centricity Universal Viewer.
- Health‑IT service providers that host or manage GE imaging workstations for clients.
- Vendors supplying ancillary software or integration services that connect to the compromised viewer.
Recommended Actions
- Inventory all GE Centricity Universal Viewer installations and verify software version against the recalled range.
- Apply GE’s interim mitigation guidance immediately (e.g., enforce strong workstation access controls, enable Active Directory authentication).
- Request a formal incident‑response and remediation plan from GE HealthCare, and update your vendor risk register accordingly.
- Validate that your organization’s security monitoring covers credential‑theft indicators on imaging workstations.
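The inventory check in the first action above can be scripted. The following is an added example, not code from GE HealthCare or the FDA notice. It assumes version strings of the form "5.0 SP7.1", a CSV inventory with "host" and "version" columns, and that every service pack between SP6 and SP7.1 counts as inside the recalled range; host names and sample rows are constructed.

```python
import csv
import io
import re

# Recalled range as stated in the recall: software 5.0, SP6 through SP7.1.
RECALLED_BASE = (5, 0)
RECALLED_SP_MIN = (6, 0)
RECALLED_SP_MAX = (7, 1)

# Assumed layout: "<major>.<minor> SP<n>[.<m>]", e.g. "5.0 SP7.1".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\s*SP\s*(\d+)(?:\.(\d+))?\s*$", re.I)


def parse_version(text):
    """Return ((major, minor), (sp, sp_minor)), or None if unparseable."""
    m = VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, sp, sp_minor = m.groups()
    return (int(major), int(minor)), (int(sp), int(sp_minor or 0))


def classify(text):
    """Classify a version string as 'recalled', 'not_in_range' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"  # route to manual review; never treat as safe
    base, sp = parsed
    if base == RECALLED_BASE and RECALLED_SP_MIN <= sp <= RECALLED_SP_MAX:
        return "recalled"
    return "not_in_range"


def triage(inventory_csv):
    """Map each host in a CSV inventory (host, version) to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in reader}


# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE = """host,version
rad-ws-01,5.0 SP6
rad-ws-02,5.0 SP7.1
rad-ws-03,5.0 SP5
rad-ws-04,5.0 sp7
rad-ws-05,6.0 SP1
rad-ws-06,
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Rows classified as "unknown" have a missing or unrecognized version string and should be checked by hand rather than assumed to be outside the recall.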
Technical Notes
- Attack vector: Requires direct physical access to the workstation; exploits exposed login credentials stored locally.
- CVEs: None disclosed publicly at this time.
- Data types exposed: User authentication credentials; potential manipulation of medical images (e.g., mammograms) and associated metadata.
Source: DataBreachToday – FDA Issues Recall for Some GE Imaging Products Due to Cyber