Philips—DreamMapper Mobile Application: May Have Cybersecurity Vulnerability

​ECRI's complete weekly summary of medical device hazard and recall information is available in ECRI's Health Device Alerts. For more information contact us at clientservices@ecri.org.

In a July 30, 2020, Security Advisory, and a July 30, 2020, Medical Advisory, Philips and the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), respectively, state that the above application may have a cybersecurity vulnerability that would allow an attacker with a low skill level access to the log file information containing descriptive error messages. The DreamMapper software is a personalized therapy adherence tool for sleep apnea patients and is not a clinical application; it does not directly provide therapy or diagnosis to patients. Philips also states that this vulnerability does not affect patient safety. No known public exploits specifically target this vulnerability. Philips further states that it has received no reports of exploitation of this vulnerability. The manufacturer has not confirmed the...