China-made medical equipment is all over the US, and the feds are concerned

A popular medical monitor is the latest device produced in China to come under scrutiny for its possible cyber risks. However, it is not the only piece of health equipment we have to worry about. Experts say the spread of Chinese health care equipment in the US medical system is a cause for concern throughout the ecosystem.

The Contec CMS8000 is a well-known medical monitor that tracks a patient’s vital signs. The device tracks electrocardiograms, heart rate, blood oxygen saturation, non-invasive blood pressure, temperature and respiratory rate. In recent months, the FDA and the Cybersecurity and Infrastructure Security Agency (CISA) both warned of a “backdoor” in the device, an “easy to use weakness that can allow a bad actor to change its configuration.”

The CISA research team described “anomalous network traffic” and the backdoor “allowing the device to download and execute remote unprotected files” from an IP address that is not associated with a medical equipment manufacturer or a medical facility but with a third-party university, “very unusual features” that go against generally accepted practices, “especially for medical equipment”.

“When the feature is executed, the files on the device are forcibly inscribed, preventing the final client – such as the hospital – from maintaining awareness of what the software is working on the device,” CISA wrote.

The warnings say such a configuration change could lead, for example, to the monitor indicating that a patient’s kidneys are malfunctioning or that breathing is failing, which could cause medical staff to administer unnecessary remedies that may be harmful.

The vulnerability in Contec equipment does not surprise medical and IT experts, who have warned for years that the security of medical devices is very poor.

Hospitals are concerned about online risks

“This is a big gap that will explode,” said Christopher Kaufman, a business professor at Westcliff University in Irvine, California, who specializes in disruptive technologies, specifically referring to the security gap in many medical devices.

The American Hospital Association, which represents over 5,000 hospitals and clinics in the US, agrees. It views the spread of Chinese medical equipment as a serious threat to the system.

As for Contec monitors specifically, AHA says the problem should be urgently addressed.

“We have to put this at the top of the list for the potential of the patient’s damage; we have to get caught before they hack,” said John Riggi, national advisor for cybersecurity and risk at the American Hospital Association. Riggi also served in counterterrorism roles at the FBI before joining the AHA.

CISA reports that no software patch is available to help mitigate the risk, but said in its advisory that the government is currently working with Contec.

Contec, based in Qinhuangdao, China, did not return a request for comment.

One of the problems is that it is unknown how many of these monitors there are in the US.

“We do not know because of the large volume of equipment in hospitals. We speculate that there are, conservatively, thousands of these monitors; this is a very critical weakness,” Riggi said, adding that Chinese access to the device can present strategic, technical and supply chain risks.

In the short term, the FDA advised medical systems and patients to ensure that the equipment is operating only on site or to disable any remote monitoring; or, if remote monitoring is the only option, to stop using the device if an alternative is available. The FDA said that so far it is unaware of any cybersecurity-related incidents, injuries or deaths.

The American Hospital Association also told its members that until a patch is available, hospitals must ensure that the monitor no longer has access to the internet and is separated from the rest of the network.

Riggi said that while Contec monitors are a major example of what we often do not consider among health care risks, the problem extends to a range of medical equipment made overseas. US-blocked US hospitals, he explained, often buy medical equipment from China, a place with a history of installation rebuilding and accumulated for all kinds of goals. Riggi says data is often transmitted to China with the stated purpose of monitoring a device’s performance, but little is known about what happens to the data beyond that.

Riggi says the acute medical risk to individuals is less of a concern than the information that is collected and accumulated for repurposing, which endangers the larger medical system. However, he points out that, at least theoretically, it cannot be ruled out that prominent Americans using medical equipment could be targeted for disruption.

“When we talk to hospitals, CEOs are surprised, they had no idea of the dangers of these devices, so we are helping them understand. The question for the government is how to stimulate internal production, away from overseas,” Riggi said.

Chinese data collection on Americans

The Contec warning is similar at a general level to those about TikTok, DeepSeek, TP-Link routers, and other products from China that the US government says are collecting data on Americans. “And that’s all I have to hear in deciding whether to buy medical equipment from China,” Riggi said.

Aras Nazarovas, an information security researcher at Cybernews, agrees that the threat flagged by CISA raises serious issues that need to be addressed.

“We have a lot to be scared of,” Nazarovas said. Medical devices such as the Contec CMS8000 often have access to very sensitive patient data and are directly tied to life-saving functions. Nazarovas says that when devices are poorly protected, they become easy prey for hackers who can manipulate the data displayed, change vital settings, or completely disable the device.

“In some cases, these devices are so poorly protected that attackers can gain remote access and change how the device works without the hospital or patients knowing,” Nazarovas said.

The consequences of the Contec vulnerability, and of vulnerabilities across a range of Chinese medical equipment, can easily be life-threatening. “Imagine a patient monitor that stops alerting doctors to a drop in a patient’s heartbeat or sends incorrect readings, leading to a delayed or wrong diagnosis,” Nazarovas said. The Contec CMS8000 and the Epsimed MN-201 (a different brand name for the same technology) “can be used as an entry point on the hospital network,” Nazarovas added.

More hospitals and clinics are paying attention. Bartlett Regional Hospital in Juneau, Alaska, does not use Contec monitors but is always looking for risks. “Regular monitoring is critical as the risk of online security attacks on hospitals continues to grow,” says Erin Hardin, a Bartlett spokeswoman.

However, regular monitoring may not be sufficient as long as equipment is made with poor security.

Potentially making matters worse, Kaufman says, is that the Department of Government Efficiency is cutting the departments responsible for safeguarding such equipment. According to the Associated Press, many of those affected by the recent layoffs at the FDA are employees who review the safety of medical equipment.

Kaufman laments the possible lack of government oversight of what is already, he says, a loosely regulated industry. A January 2022 report by the US Government Accountability Office showed that 53% of connected medical equipment and other internet-connected equipment in hospitals had known critical vulnerabilities. He says the problem has only worsened since then. “I’m not sure what will remain by addressing these agencies,” Kaufman said.

“Issues with medical equipment are widespread and have been recognized for some time now,” said Silas Cutler, leading security researcher at the medical data company Censys. “The reality is that the consequences can be severe and even deadly. While high-profile individuals are at increased risk, the most impact will be hospital systems themselves, with cascading effects in daily patients.”
