HomeCII/OTCISA warns that patient monitors with backdoor are sharing information with China

CISA warns that patient monitors with backdoor are sharing information with China

Published on

spot_img

The Contec CMS8000 patient monitor, a widely used device in healthcare settings, has been found to have vulnerabilities that could put patient data at risk. The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that the monitor, manufactured by a Chinese company, has a backdoor that can exfiltrate patient data to a hard-coded IP address and allow for the download and execution of unverified files.

The presence of this backdoor in the monitor’s firmware presents a serious risk to patient safety, as it could potentially lead to improper responses to vital signs displayed by the device. CISA, after being alerted to the monitor’s suspicious functions by an external researcher, identified three vulnerabilities in the firmware:

1. A reverse backdoor (CVE-2025-0626) that connects to a hard-coded IP address and allows for the uploading and overwriting of files
2. An out-of-bounds write flaw (CVE-2024-12248) that could enable attackers to write arbitrary data to the device through specially formatted UDP requests
3. A vulnerability (CVE-2025-0683) that results in the collection and transmission of plaintext patient and monitor sensor data to the hard-coded IP address

The IP address linked to the monitor is not associated with a medical facility but with a third-party university in China. This raises concerns about the potential misuse of the collected patient data and underscores the need for increased vigilance regarding cybersecurity in healthcare.

The lack of an alternative update mechanism, integrity-checking mechanisms, and version tracking in the backdoor function further exacerbate the security risks posed by the monitor. Without proper oversight and monitoring, hospitals and healthcare providers may be unaware of the software running on the device, making it difficult to ensure the safety and privacy of patient data.

While the US Food and Drug Administration (FDA) has not reported any cybersecurity incidents or harm related to these vulnerabilities, it recommends that healthcare providers remain alert for signs of unusual activity and disable remote monitoring features on the affected monitors. In the absence of a patch for these flaws, providers are advised to consider alternative patient monitoring solutions to mitigate the potential risks posed by the Contec CMS8000 and Epsimed MN-120 monitors.

In conclusion, the discovery of these vulnerabilities underscores the critical need for robust cybersecurity measures in medical devices, especially those used in healthcare settings where patient data security is paramount. Healthcare organizations, patients, and caregivers must prioritize the protection of sensitive information and take proactive steps to address vulnerabilities in monitoring devices to safeguard patient safety and privacy.

Source link

Latest articles

Ransomware Disrupts Fairlife Dairy Production

Production Halted at Fairlife Dairy Facilities Following Ransomware Attack In a significant cybersecurity incident, Fairlife,...

OpenSSL DoS Vulnerability Allows Remote Attackers to Deplete Server Memory with a Simple 11-Byte Payload

Newly Disclosed OpenSSL Vulnerability Underscores Reliance on Foundational Libraries Recent findings have unveiled a vulnerability...

GigaWiper by CyberMaterial and Sofia

GigaWiper: The Malware that Redefines Cyber Threats In the realm of cybersecurity, malware has traditionally...

EY Data Breach: Hackers Compromise Third-Party IT Support Platform and Steal Client Tax Documents

Ernst & Young Confirms Major Data Security Breach Affecting Client Information Ernst & Young LLP...

More like this

Ransomware Disrupts Fairlife Dairy Production

Production Halted at Fairlife Dairy Facilities Following Ransomware Attack In a significant cybersecurity incident, Fairlife,...

OpenSSL DoS Vulnerability Allows Remote Attackers to Deplete Server Memory with a Simple 11-Byte Payload

Newly Disclosed OpenSSL Vulnerability Underscores Reliance on Foundational Libraries Recent findings have unveiled a vulnerability...

GigaWiper by CyberMaterial and Sofia

GigaWiper: The Malware that Redefines Cyber Threats In the realm of cybersecurity, malware has traditionally...