Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A popular medical monitor is the latest device produced in China to obtain inspection for potential cyber risks. But not the only health device we should be worried. Experts say that the spread of Chinese medical aid devices in the US medical system is causing concern in all ecosystems.
Contec CMS8000 is a popular medical monitor that follows the vital signs of a patient. The device follows electrocardiogram, heart rate, blood oxygen saturation, non-invasive blood pressure, temperature and respiratory rate. In recent months Fda and both cybership and infrastructure security agency (CISA) He warned about a “back The device is an easy weakness that can allow you to change the configuration of a bad actor. “
CISA research group “Anomalous Network Traffic” and a medical device manufacturer or medical institution, which allows the background to download and implement the device’s not approved remote files “, but an IP address not affiliated with a third party university” allowed anomalous network traffic ” And “High Unusual Features” has generally been accepted, “especially for medical facilities.”
“When the activity is executed, the files on the device are forcibly written, the device is to maintain awareness of the device to work on the device,” CISA wrote.
Warnings said that such configuration change, for example, the monitor said that the kidneys of a patient caused failure or breathing or breathing can lead to the management of non-harmful vehicles.
Sensitivity of CONTEC’s equipment has not surprised medical and IT specialists who have noticed that medical device security is very laku.
Hospitals are concerned about cyber risks
“This is a great cavity to blow up,” he said, Christopher Kaufman, who specializes in the security cavity in many medical devices and a business at the University of Dash and Violent technologies in the University of Westcliff.
An American Hospital Union representing more than 5,000 hospitals and clinics in the United States. It looks for the spread of Chinese medical devices as a serious threat to the system.
Special, AHA says that the problem should be resolved immediately to the Contection Monitors.
“We need to put the top of the list for the potential for the patient; we have to patch before hacking,” said John Riggi, a National Consultant for Cybersecurity and the Association of the American Hospital. Riggi also served as FBI anti-terrorism before joining AHA.
The Character says that there is no program patch to help lighten this risk, but his recommendation said the government is working with Contes.
Gunhuangdao, China, China, did not return a survey for comments.
One of the problems is the lack of knowledge of how many monitors in the United States
“We are unable to see the volume of equipment in hospitals. Thousands of these monitors have thousands of thousands of monitor; This is a very important weakness,” he said. Technical and supply chain risks.
In the short term, FDA advised to make sure that the devices of medical systems and patients only reject the devices or refusing to follow any remote; Or remote tracking If only one option is an alternative to stop using the device. The FDA is not aware of any cyber or deaths, injuries or deaths related to the sensitivity to this day so far.
The American Hospital Association should be sure that the members did not access hospitals until they are available to the members and be segmented from the rest of the network.
Riggi said that Concept monitors are often the main example of what we do not take into account between health risk, which extends to a number of medical equipment produced abroad. Cashed US hospitals, explained, often purchasing medical devices from China, a country with a history of destructive infrastructure in the critical infrastructure, has a medical information in the critical infrastructure, is purchased for any purpose of China’s medical information and is purchased for any purpose. Riggi says data is often transmitted to China for tracking the activities of a device, but something else is known about what happened to what information beyond.
Riggi gathered and collected and collected to risk and put the larger medical system. Again, at least theoretically, it is impossible to be awarded the violation of Americans famous for medical devices.
“When talking to hospitals, there were no imagination on the dangers of these devices, so it helps to understand. The question for the government is to remove foreign production from abroad,” he said.
Chinese data collection about Americans
Contec warning is similar to a total level of tiktok, Depth, TP-Link routersOther facilities and technologies from the US government information about Americans and from China. “This is what is needed to hear from China to buy and receive medical devices,” Riggi said.
Information security researcher Aras Nazarovas in Cybernews agrees to remove serious problems that must be resolved.
“We have a lot to be afraid,” he said. Medical devices like Contec CMS8000 are often accessed to highly sensitive patient data and connect directly to the functions of life-saving functions. Nazarovas, when the devices are poorly protected, they can manipulate the displayed information, change vital parameters or have easy prey for hackers that can completely disable the device.
“In some cases, these devices are so weak that the attackers can get remotely access and change how the device works without hospitals or patients,” said Nazarovas.
The results of a number of sensitivity and vulnerabilities of Chinese-made medical devices can be easily in danger. “Imagine that doctors send the wrong readings that stop a drop of a drop in a patient’s heart rate or were delayed or wrongly diagnosed,” Nazarovas said. Contec CMS8000 and EPSIMED MN-120 (a different brand for the same technology), “can be used as a point in the hospital’s network,” Nazarovas added.
More hospitals and clinics pay attention. Bartlett Regional Hospital in Juneau does not use Alaska, Contact monitors, but always looking for risk. “Regular monitoring continues to increase the risk of increasing the risk of cyberectity attacks to hospitals,” he said.
At the same time, regular monitoring may not be sufficient in the process of poor security.
Potentially worsen. According to the Associated Press, Most of the latest work in the FDA are employees who consider the security of medical equipment.
Kaufman says that the lack of the supervision of the government is already the possibility of the supervision of the government. US Government Report Administration report In January 2022, 53% of medical equipment and other internet of hospitals reported that they knew critical weaknesses. He says the problem is deteriorating since then. “I’m not sure these agencies will be used,” Kaufman said.
“Medical device problems are widespread and have been recognized for a while,” Silas Cutler, a main security researcher in Censys. The truth is that the results can be terrible and can be fatal.
