The American regulator FDA has issued a warning regarding cyberosis associated with medical monitors manufactured by Contec and Epsimed. These devices, which are used in both medical institutions and at home, are designed to track key indicators of patients such as temperature, heartbeat, and blood pressure.
The specific models involved in the warning are the CONTEC CMS8000 and Epsimed MN-120. According to the FDA, the identified vulnerabilities in these monitors could potentially allow attackers to gain unauthorized access, interfere with their operation, or even take control of the devices. Additionally, the network to which these medical devices are connected is also at risk, potentially leading to a breach of confidential information, including patients’ personal and medical data.
Of particular concern is the fact that connecting these monitors to the Internet could provide cybercriminals with expanded opportunities to collect information about patients, their health status, and exploit this data outside of the medical institution.
Despite the serious threat posed by these vulnerabilities, the FDA has not received any reports of actual incidents resulting in harm to patients or any related fatalities. Nevertheless, the agency is advising users to disable devices that have remote monitoring capabilities and replace them with more secure alternatives. If a complete disconnection from the network is not feasible, it is recommended to disable both Wi-Fi and wired connections so that the monitor can only function locally.
Healthcare professionals are being urged to inspect the performance of these devices and monitor the accuracy of the displayed indicators. IT specialists are advised to prevent the monitors from being exposed to the internet and to bear in mind that there are currently no updates available to address these vulnerabilities. The FDA and CISA are working closely with the manufacturer of Contec to address and eliminate these threats.