Field Safety Notices about Miele PG 8528/PG 8527/PG 8535/ PG 8536 washer-disinfector

According to Agency for Medicinal Products and Medical Devices of the Republic of Slovenia (via FOI), this field safety notices involved a device in Slovenia that was produced by Miele.

What is this?

Field safety notices are communications sent out by medical device manufacturers or their representatives in relation to actions that they may be taking in relation to their product that is on the market. These are mainly for health workers, but also for users. They can include recalls and alerts.

Learn more about the data here
  • Type of Event
    Field Safety Notice
  • Date
    2017-04-05
  • Event Country
  • Event Source
    AMPMDRS
  • Notes / Alerts
    Data from Slovenia is current through February 2019. All of the data comes from the Agency for Medicinal Products and Medical Devices of the Republic of Slovenia (via FOI), except for the categories Manufacturer Parent Company and Product Classification.
    The Parent Company and the Product Classification were added by ICIJ.
    The parent company information is based on 2017 public records. The device classification information comes from FDA’s Product Classification by Review Panel, based on matches of recall data from the U.S. and Slovenia.
  • Extra notes in the data
  • Reason
    The purpose of this correspondence is to bring an it security vulnerability to your attention affecting a machine type in use at your site which was discovered in the course of a penetration test carried out by an it security expert. this only applies to machines which are actually connected to an in- house network. all other machines are not affected and are therefore not at risk. the following applies to machine in a network: • in the event of an attack on the in-house network of a hospital, a laboratory or a surgery, there is a risk that data from miele washer-disinfectors can be read out and/or replaced. this data is for the most part binary code. • theoretically, a hacker with criminal intent could attempt to make abusive use of this data in order to obtain access to the programme controls and to manipulate these. if pursued to the limit, hackers could even, after further data analysis and with a knowledge of instrument reprocessing, try to falsify cycle records with a view to covering up manipulation. the same applies to unauthorised actions on the part of persons with legal access to the appropriate network. • to date, there has been no evidence indicating that such an incident has ever occurred. such targeted manipulation of data, as described above, would require considerable effort and an in-depth knowledge of this highly specific machine software. miele considers the risk of a hacker successfully carrying out the multi-stage manipulation described above and causing a potential threat to the health of patients to be extremely low. .

Manufacturer