CVE-2021-26262: Product Security | Philips

**Philips Product Security Designed-In **

In recognition of the critical role security plays across today’s interconnected digital ecosystem, Philips is committed to the articulation and execution of a comprehensive security plan that assures the safety of patient, personal, and business data. We have updated our Product Security Statement to reflect the rapidly changing security environment and our response to provide designed-in security with our products to meet the latest challenges.

**

Security status

**

Philips Product Security Status documents have product-specific vulnerability updates and security-related information such as supported anti-virus software, OS security features, and remote service.

Each product has its own table and the products are separated by modality, i.e. Informatics, Ultrasound, Magnetic Resonance, etc. The Status Documents list known software vulnerabilities, the current status, and Recommended Customer Action.

Revised tables are posted regularly with the latest available information.

Manufacturer Disclosure Statement for Medical Device Security

As part of our commitment to product security and customer service, Philips Healthcare supplies our customers with information to help assess and address the vulnerabilities and risks associated with products that maintain or transmit ePHI.

Specifically, Philips Healthcare is using the Manufacturer Disclosure Statement for Medical Device Security (MDS²) to provide security information about its products.

The MDS² contains product specific security information such as:

• Maintaining, storing, and transmitting ePHI
• Data back-up and removable media capabilities
• Installing security patches and anti-virus software
• Remote service access
• Audit logs of ePHI access including: Viewing; creating, modifying, and deleting records; importing/exporting

The MDS², a universal reporting form which allows Philips Healthcare to supply its customers with model-specific information, is endorsed by the American College of Clinical Engineering (ACCE), ECRI (formerly the Emergency Care Research Institute), the National Electrical Manufacturers Association (NEMA), and the Healthcare Information and Management Systems Society (HIMSS).

The form also contains security practice recommendations and explanatory notes from the manufacturer as well as detailed.

**Customers must register for access. **

To register, send an e-mail to [email protected] providing the following information:

• Customer name/facilityname
• Contact name and email
  address
• Phone number and address

Once your request is processed, you will receive an email from GCS Helpdesk with login and passcode information.

Already registered?

**Security Advisory **

For more details on specific product security advisories please click the below button.

Security Advisory Archive

**Remote Services (PRS)

To support you in delivering efficient quality care to your patients and protecting your sensitive medical information, we have put in place secure remote support solutions and facilities. Find out more about our remote connection technology and security measures in this document.

**

Visit Website

Download Security Brochure (PDF)

Philips Cybersafe puts patient focus first

All your Philips services and devices cooperate in a standardized way to guard against existing and emerging threats.

By clicking on the link, you will be leaving the official Royal Philips Healthcare (“Philips”) website. Any links to third-party websites that may appear on this site are provided only for your convenience and in no way represent any affiliation or endorsement of the information provided on those linked websites. Philips makes no representations or warranties of any kind with regard to any third-party websites or the information contained therein.

I understand

You are about to visit a Philips global content page

You are about to visit the Philips USA website.