The U.S. Food and Drug Administration (FDA) has issued a safety communication highlighting cybersecurity vulnerabilities in certain patient monitors manufactured by Contec and relabeled by Epsimed.
The FDA’s notice, published on Thursday, identifies three critical security flaws that could allow unauthorized access to remote monitoring systems, potentially enabling attackers to manipulate device functions. While no incidents, injuries, or deaths have been reported, the agency is urging patients, healthcare professionals, and IT personnel to implement protective measures.
Contec, a China-based medical device manufacturer, produces the CMS8000 patient monitor, which Epsimed sells under its MN-120 product line. These monitors display vital signs and other critical patient information in both healthcare and home settings.
According to the FDA, the vulnerabilities could permit unauthorized users to remotely control the devices, disrupt functionality, and compromise patient data. A hidden backdoor in the software enables attackers to bypass security controls, potentially leading to data breaches or device malfunctions.
The Cybersecurity and Infrastructure Security Agency (CISA) has also assessed the threat, stating that unauthorized changes to the configuration of CMS8000 and MN-120 monitors pose a significant risk to patient safety. A malfunctioning device could
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: