The facts are not entirely clear to me. The capitalization errors in the reports cause me to maintain some skepticism. So I would suggest treating the news as "untrusted input" that needs to be independently verified before rushing to judgement. If I were a clinical engineer or IT administrator at a hospital, I'd keep a calm head and wait for official reports from FDA and the manufacturer.
Last June, we posted a note about some red flags for the cybersecurity language describing a Philips medical device. So it would not surprise me if such a device falls during Round One of fuzz testing. Getting security right is really hard, and there need to be more students learning the skills and concepts to improve the security of software-controlled medical devices.
"We have a remote unauthenticated exploit for Xper, so if you see an Xper machine on a network, then you can own it," Cylance researcher Billy Rios told SC.
To pass the time, browse MAUDE for adverse events by typing "Philips" into the manufacturer box and "xper" into the brand box. Consider filing a MedWatch 3500 if you discover an adverse event involving cybersecurity. The form is a pain to use, but there are few alternatives available today.