A popular medical monitor is the latest Chinese-made device to come under scrutiny for potential cyber risk. However, it is not the only health device that we should worry about. Experts say that the spread of Chinese healthcare devices in the American medical system is a cause for concern across the entire ecosystem.
The Contec CMS8000 is a popular medical monitor that follows a patient's vital signs. The device tracks electrocardiograms, heart rate, blood oxygen saturation, non-invasive blood pressure, temperature and breathing rate. In recent months, the FDA and the Cybersecurity and Infrastructure Security Agency (CISA) warned about a “backdoor” in the device, an “easy to operate susceptibility that can allow an evil actor to change its configuration.”
The CISA research team described “anomalous network movement” and a backdoor “enabling the device to download and perform unverified remote files” involving an IP address that is not related to the medical device manufacturer or a medical facility, but to an external university. CISA called these “highly unusual features” that are contrary to generally accepted practices, especially for medical devices.
“When the function is performed, the files on the device are forcibly replaced, preventing the end client – such as the hospital – from being aware of what software runs on the device,” CISA wrote.
The warnings say that such a configuration change could lead, for example, to a monitor reporting that a patient's kidneys are acting up or that the patient is not breathing, which may cause medical staff to take unnecessary measures that may be harmful.
The Contec vulnerability does not surprise medical and IT experts, who have been warning for years that the security of medical devices is too lax.
Hospitals are worried about cyber risk
“This is a huge gap that has exploded,” said Christopher Kaufman, a business professor at Westcliff University in Irvine, California, who specializes in IT and groundbreaking technologies, referring in particular to security gaps in many medical devices.
The American Hospital Association, which represents over 5,000 hospitals and clinics in the USA, agrees. It considers the spread of Chinese medical devices a serious threat to the system.
As for the Contec monitors, the AHA says that the problem should be solved urgently.
“We must put it at the top of the patient potential list; we have to patch before burglary,” said John Riggi, national advisor for cybersecurity and risk at the American Hospital Association. Riggi also served in terrorism-related roles at the FBI before joining the AHA.
CISA reports that no software patch is available to help reduce this risk, but said in its advisory that the government is currently working with Contec.
Contec, based in Qinhuangdao, China, did not respond to a request for comment.
One of the problems is that it is not known how many of the monitors there are in the USA.
“We do not know because of the volume of equipment in hospitals. We speculate that there are, conservatively, thousands of these monitors; this is a very critical susceptibility,” said Riggi, adding that Chinese access to the devices can pose strategic, technical and supply chain risks.
In the short term, the FDA advised medical systems and patients to make sure that the devices only work locally or to disable any remote monitoring; or, if remote monitoring is the only option, to stop using the device if an alternative is available. The FDA has stated that so far it is not aware of any cybersecurity incidents, injuries or deaths related to the vulnerability.
The American Hospital Association also told its members that until a patch is available, hospitals should make sure that the monitor no longer has access to the Internet and is segmented from the rest of the network.
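One way to check the guidance above against network flow logs, as an added example that is not from the article, CISA or the AHA: it flags monitor traffic that leaves the monitor segment and traffic that reaches the monitors from outside it. The subnet, the central-station address and the log records are constructed assumptions.

```python
import csv
import io
import ipaddress

# Hypothetical addressing plan: monitors sit in their own VLAN and may talk
# only to each other and to one central nursing station.
MONITOR_NET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED_PEERS = [MONITOR_NET, ipaddress.ip_network("10.20.40.5/32")]

# Constructed flow-log sample: timestamp, src, dst, dst_port, proto.
SAMPLE_FLOWS = """\
2025-02-03T08:00:01Z,10.20.30.11,10.20.40.5,8080,tcp
2025-02-03T08:00:07Z,10.20.30.12,198.51.100.23,443,tcp
2025-02-03T08:01:15Z,10.20.50.77,10.20.30.11,22,tcp
2025-02-03T08:02:30Z,10.20.30.13,10.20.30.11,5353,udp
2025-02-03T08:03:44Z,10.20.60.9,10.20.70.1,443,tcp
"""


def is_allowed_peer(addr):
    """True if addr is a monitor or the central station."""
    return any(addr in net for net in ALLOWED_PEERS)


def audit_flows(text):
    """Return (timestamp, reason, src, dst, port) for each policy violation."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, src, dst, port, _proto = row
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in MONITOR_NET and not is_allowed_peer(d):
            # A monitor reached something outside its segment (e.g. the Internet).
            findings.append((ts, "monitor-egress", src, dst, int(port)))
        elif d in MONITOR_NET and not is_allowed_peer(s):
            # Something outside the segment reached a monitor: segmentation gap.
            findings.append((ts, "unsegmented-ingress", src, dst, int(port)))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

An empty result over a representative capture window is the condition the guidance asks for; any finding points to a firewall or VLAN rule that still lets the monitors talk past their segment.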
Riggi said that while the Contec monitors are a prime example of what we often do not consider among healthcare risks, the problem extends to a range of medical equipment produced abroad. He explained that American hospitals often spend their cash on medical devices from China, a country associated with the installation of destructive malware inside American critical infrastructure. The cheap hardware buys China potential access to pools of American medical information, which can be reused and aggregated for all kinds of purposes. Riggi says that data is often sent to China for the specific purpose of monitoring the performance of the device, but not much more is known about what happens to the data beyond that.
Riggi says that individuals are not so much exposed to acute medical risk as to having their information collected and aggregated for other purposes, and to the exposure of the larger medical system. However, he notes that, at least theoretically, it cannot be ruled out that prominent Americans with medical devices could be targeted for interference.
“When we talk to hospitals, general directors are surprised; they had no idea about the dangers of these devices, so we help them understand. The question to the government is how to encourage domestic production, away from abroad,” said Riggi.
Chinese collection of data on Americans
The Contec warning is similar at a general level to those about TikTok, DeepSeek, TP-Link routers and other devices and technologies from China, which according to the US government collect data on Americans. “And that's all I have to hear when deciding whether to buy medical devices from China,” said Riggi.
Aras Nazarovas, an information security researcher at Cybernews, agrees that the threat CISA describes raises serious problems that need to be solved.
“We have a lot to worry about,” said Nazarovas. Medical devices like the Contec CMS8000 often have access to very sensitive patient data and are directly connected to life-saving functions. Nazarovas says that when the devices are poorly defended, they become easy prey for hackers, who can manipulate displayed data, change important settings or turn the device off completely.
“In some cases, these devices are so poorly protected that the attackers can gain remote access and change the way the device works without the hospital or patients ever knowing,” said Nazarovas.
The Contec vulnerability and weaknesses in a number of Chinese medical devices can easily endanger lives.
“Imagine a patient monitor that ceases to warn doctors of a decrease in the patient's heart rate or sends incorrect readings, which leads to a delayed or improper diagnosis,” said Nazarovas. In the case of the Contec CMS8000 and the Epsimed MN-120 (another brand name for the same technology), according to the government warning, these devices were configured to allow remote code execution by a remote server.
“This functionality can be used as an entry point for the hospital network,” said Nazarovas, which puts patients in danger.
More hospitals and clinics are paying attention. Bartlett Regional Hospital in Juneau, Alaska, does not use Contec monitors, but is always on the lookout for risk. “Regular monitoring is crucial because the risk of cyber security attacks on hospitals is constantly growing,” says Erin Hardin, a Bartlett spokeswoman.
However, regular monitoring may not be enough if the devices are manufactured with poor security.
Potentially making matters worse, Kaufman says, are the government's changes to the departments responsible for the protection of such devices. According to the Associated Press, many of the recent dismissals at the FDA were of employees who review the safety of medical devices.
Kaufman laments the likely lack of government oversight of what is already a loosely regulated industry. A US Government Accountability Office report from January 2022 indicated that 53% of connected medical devices and other Internet of Things devices in hospitals had known critical vulnerabilities. He says that the problem has become even worse since then. “I'm not sure what will be launched from these agencies,” said Kaufman.
“Problems with medical devices have been common and have been known for some time,” said Silas Cutler, the main security researcher in the list of medical company. “In fact, the consequences can be tragic, even fatal. While loud people are exposed to increased risk, the most affected hospital systems will be most affected, with the influence of cascade on everyday patients.”