CyberMDX discovers critical vulnerabilities in GE imaging and ultrasound devices


MDhex-Ray is a vulnerability discovered by CyberMDX, which was published by CISA as ICS Medical Advisory ICSMA-20-343-01 on December 8, 2020.  MDhex-Ray affects a long list of CT, X-Ray, and MRI imaging systems manufactured by GE Healthcare.

Successfully exploiting the vulnerability may expose sensitive data - such as PHI - or could allow the attacker to run arbitrary code, which might impact the availability of the system and allow manipulation of PHI.

More than 100 devices are affected by this vulnerability across the following product lines:

  • MRI - Signa, Brivo, Optima
  • Ultrasound - LOGIQ, Vivid, EchoPAC, Image Vault, Voluson
  • Advanced Visualization - AW
  • Interventional - Innova, Optima
  • X-Ray - Brivo, Definium, AMX, Discovery, Optima, Precision
  • Mammography - Seno, Senographe Pristina
  • Computed Tomography - BrightSpeed, Brivo, Discovery, LightSpeed, Optima, Revolution, Frontier
  • Nuclear Medicine, PET/CT - Brivo, Discovery, Infinia Optima, Ventri, Xeleris, PET Discovery, PETtrace

CyberMDX can help your organization detect whether you have affected devices in your network and mitigate the issue, including:

  • Identify any affected devices in your networks and tag them
  • Apply policies to secure these devices and segment the traffic across the affected devices and network
  • Create policy rules to control access to each of the devices, internally or externally (e.g., vendor access)

The CyberMDX Solution

Our scalable, easy-to-deploy security solution works to ensure your organization’s operational safety, compliance and continuity through continuous asset discovery, comprehensive risk profiling, and AI-powered containment and response capabilities.

The CyberMDX solution identifies endpoints and assesses vulnerabilities to detect, respond to and prevent cyber incidents.

Learn More > >

Vulnerability Research

CyberMDX’s Vulnerability Research and HTM Analysis team regularly works with medical device organizations in the responsible disclosure of security vulnerabilities. The threat intelligence team works tirelessly to help protect hospitals and healthcare organizations from malicious attacks.

The team’s researchers, white hat hackers, and engineers collect information about possible attack paths to understand attacker motives, means, and methods in an effort to deliver the best protection possible.

Learn More > >


Forrester-connected-med-sec"CyberMDX customers felt the product allowed their security investigation times to be reduced. Further, the product’s breadth allows nonsecurity staff to gain value from the product."

Forrester recognized CyberMDX as the Medical Device Security Solution Leader in their New Wave™ Connected Medical Device Security, Q2 2020 report, which also evaluated 7 competitors.

Download the Report >>

Frost & Sullivan

Frost Sullivan Cyber MDX 2020 Award"CyberMDX demonstrates thought leadership, technical excellence, and a unique customization ability to strengthen healthcare security through its platform. It also empowers the continuous discovery of medical devices and intelligent micro-segmentation policies and responses during cyberattacks."

CyberMDX was awarded as the 2020 North American Leader in Medical Device Security Solution Leader by Frost & Sullivan.

Download the Report >>


Gartner Peer Insights"We looked for several key attributes in both the solution and the vendor. The CyberMDX team really delivered on them. I was easy easily able to integrate with our proprietary workflow management system. The support -- from sales to pro services to implementation -- is exceptional. And I’d say the defining factor was when we ran a pen test of a wide network cyber-attack, CyberMDX was the only vendor that detected it."

CyberMDX's solution was given 5 stars on Gartner Peer Insights

Read the Review >>

Request a Demo
Contact Us