FDA, CISA Warn About Vulnerabilities in Patient Health Monitors

Summary: The FDA has issued a safety communication regarding cybersecurity vulnerabilities in certain patient monitors by Contec and Epsimed, which could enable unauthorized remote access and manipulation. While no incidents have been reported, the FDA recommends urgent action to mitigate potential risks. Healthcare IT and cybersecurity staff are advised to limit device use and disconnect the devices from internet access to safeguard patient data.

Affected: Contec and Epsimed patient monitors

Key points:

  • The FDA identified three serious vulnerabilities that allow unauthorized access to CMS8000 and MN-120 patient monitors.
  • A hidden backdoor in the software enables bypassing cybersecurity controls, posing a significant patient safety risk.
  • The FDA has advised disconnection from internet access and limiting the use of remote monitoring features to mitigate risks.

Source: https://www.cybersecuritydive.com/news/FDA-CISA-patient-monitor-Contec/738919/