Cybersecurity Weakness Discovered in Certain Contec Patient Monitors

Feb. 24, 2025
The monitor, used in medical settings across the U.S. and European Union, contains functionality that can enable patient data spillage.

Analysts have found that the Contec CMS8000, a patient monitor used across the U.S. Healthcare and Public Health sector, contains an “embedded backdoor function with a hard-coded IP address” and “functionality that enables patient data spillage.” CISA has released a fact sheet with the details.

The device is “used in medical settings in the U.S. and European Union to provide continuous monitoring of a patient’s vital signs. CISA assesses that inclusion of this backdoor in the firmware of the patient monitor can create conditions which may allow remote code execution and device modification with the ability to alter its configuration, introducing risk to patient safety as a malfunctioning patient monitor could lead to an improper response to patient vital signs.”

In a CNBC article about the device, John Riggi, national advisor for cybersecurity and risk for the American Hospital Association, says that the problem with the Contec monitors must be put “at the top of the list for the potential for patient harm.” No software patch currently exists to mitigate the risk, and Riggi estimates that “thousands” of these monitors are in use. The FDA has advised health systems and patients to “make sure the devices are only running locally or to disable any remote monitoring; or if remote monitoring is the only option, to stop using the device if an alternative is available. The FDA said that to date it is not aware of any cybersecurity incidents, injuries, or deaths related to the vulnerability.”
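The FDA's advice amounts to an egress control: a monitor that only runs locally should never open a connection outside the hospital's own address space, and a backdoor that phones a hard-coded address will show up as exactly such a flow. The script below is an added example, not code from the article, CISA's fact sheet, or FDA guidance. It reads constructed Zeek-style conn.log rows and flags any flow from the patient-monitor VLAN to a destination outside an allowlist of internal networks. The subnets, ports and the external address 203.0.113.7 (a TEST-NET placeholder) are assumptions for illustration and are not the CMS8000's actual hard-coded address or port.

```python
"""Egress check for a patient-monitor VLAN.

Added example, not from the article, CISA or the FDA. Flags flows from
monitor-segment hosts to destinations outside the hospital's own networks,
which is what a hard-coded call-home address would look like on the wire.
"""
import ipaddress
from collections import defaultdict

# Assumed (hypothetical) address plan: the monitor VLAN and the internal
# networks a monitor is allowed to reach (peer monitors, central station,
# clinical application servers). Adjust to the real site plan.
MONITOR_VLAN = ipaddress.ip_network("10.40.0.0/24")
ALLOWED_DESTS = [
    ipaddress.ip_network("10.40.0.0/24"),   # peer monitors / central station
    ipaddress.ip_network("10.10.5.0/24"),   # clinical application servers
]

# Constructed Zeek-style conn.log rows, tab separated:
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, orig_bytes.
# 203.0.113.7 is a TEST-NET placeholder standing in for an external
# hard-coded address; it is NOT the CMS8000's real destination.
SAMPLE_CONN_LOG = """\
1740384000.1\t10.40.0.21\t41022\t10.10.5.12\t5000\ttcp\t2048
1740384001.4\t10.40.0.21\t41023\t203.0.113.7\t515\ttcp\t1316
1740384002.0\t10.40.0.22\t41100\t10.40.0.250\t5000\ttcp\t900
1740384003.7\t10.40.0.22\t41101\t203.0.113.7\t515\ttcp\t1316
1740384004.2\t10.10.5.12\t55000\t203.0.113.7\t443\ttcp\t600
"""


def parse_conn_log(text):
    """Yield one dict per non-empty, non-comment row of the log."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto, nbytes = line.split("\t")
        yield {
            "ts": float(ts),
            "src": ipaddress.ip_address(src),
            "sport": int(sport),
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport),
            "proto": proto,
            "bytes": int(nbytes),
        }


def is_allowed(dst, allowed=ALLOWED_DESTS):
    """True if the destination lies inside one of the permitted networks."""
    return any(dst in net for net in allowed)


def find_egress(text, monitor_vlan=MONITOR_VLAN, allowed=ALLOWED_DESTS):
    """Return flows whose source is a monitor and whose destination is not
    in the allowlist, grouped by (dst, dport, proto). Flows from other
    segments are ignored: this check is scoped to the monitor VLAN."""
    findings = defaultdict(list)
    for flow in parse_conn_log(text):
        if flow["src"] not in monitor_vlan:
            continue
        if is_allowed(flow["dst"], allowed):
            continue
        key = (str(flow["dst"]), flow["dport"], flow["proto"])
        findings[key].append(flow)
    return dict(findings)


def summarize(findings):
    """One line per offending (dst, port): affected monitors and bytes sent.
    Several monitors reaching the same external address and port is the
    signature of a firmware-wide hard-coded destination rather than a
    misconfigured single device."""
    lines = []
    for (dst, port, proto), flows in sorted(findings.items()):
        hosts = sorted({str(f["src"]) for f in flows})
        total = sum(f["bytes"] for f in flows)
        lines.append(
            f"{dst}:{port}/{proto} <- {len(hosts)} monitor(s) {hosts}, "
            f"{total} bytes sent"
        )
    return lines


if __name__ == "__main__":
    for line in summarize(find_egress(SAMPLE_CONN_LOG)):
        print(line)
```

Run against a real conn.log export, the output lists every external destination a monitor has contacted; anything not explainable by a vendor support contract should be blocked at the VLAN's egress firewall, which is the practical form of the FDA's "only running locally" recommendation until a fix or replacement is available.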

Christopher Kaufman, a business professor at Westcliff University in California, also expressed concern that the Department of Government Efficiency's recent hollowing out of certain federal departments could weaken oversight, since many of the “recent layoffs at the FDA are employees who review the safety of medical devices.” A U.S. Government Accountability Office report “as of January 2022 indicated that 53% of connected medical devices and other Internet of Things devices in hospitals had known critical vulnerabilities.”

About the Author

Matt MacKenzie | Associate Editor

Matt is Associate Editor for Healthcare Purchasing News.