FDA Issues Recall for Some GE Imaging Products Due to Cyber

Healthcare , Industry Specific , Security Operations FDA Issues Recall for Some GE Imaging Products Due to Cyber Vulnerability Affects Certain Centricity Medical Imaging Products Marianne Kolbasuk McGee (HealthInfoSec) • March 19, 2026     Share Post Share Credit Eligible Get Permission GE HealthCare is recalling certain medical imaging products due to a "potential" security vulnerability. (Image: GE HealthCare) The U.S. Food and Drug Administration recalled certain GE HealthCare Centricity medical imaging products due to a "potential" cybersecurity vulnerability that could allow a hacker to manipulate data or impact availability of the affected products. See Also: Reduce Cloud Risk in Healthcare with Security by Default The agency said the "class 2" device recall affects certain models of the GE Centricity Universal Viewer Software Versions 5.0 SP6 through UV 5.0 SP7.1, which is a device that displays medical images, such as mammograms, and data from various imaging sources. FDA's class 2 recalls involve "a situation in which use of, or exposure to, a violative product may cause temporary or medically reversible adverse health consequences or where the probability of serious adverse health consequences is remote," the agency said. GE sent an "urgent medical device correction" notification letter to customers on Jan. 30 but FDA posted the recall notice on Monday. The "potential cybersecurity vulnerability" affects certain versions of the Centricity Universal Viewer. "User login credentials may be exposed on the local client workstation, which could allow an unauthorized individual to potentially impact system availability and/or manipulate data," the FDA alert said. A GE Healthcare spokesperson said there have been no reports of unauthorized access to patient data as a result of this potential issue. "Direct physical access to the workstation is necessary to exploit this potential vulnerability," the spokespersons said. The company said issue was identified by GE HealthCare during routine testing and that it provided instructions allowing customers to continue to use their workstations until a permanent fix is ready. Pending the corrections from GE HealthCare, customers are advised to take certain actions that include ensuring their workstations have appropriate security controls per product manuals, and implementing network account authentication by using Active Directory services for user management. GE HealthCare said it will correct all affected products at no cost to affected customers. Voluntary FDA recalls of medical devices due to cybersecurity issues are still rare but are becoming more common as the agency has intensified its focus on device cyber issues in recent years.