The FDA issued a safety communication regarding cybersecurity vulnerabilities in Contec CMS8000 and Epsimed MN-120 patient monitors. While the devices do not contain malicious backdoors, their insecure design poses serious patient risks, especially when the devices are internet-connected. These vulnerabilities highlight risks associated with connected medical devices and the need for robust security measures in healthcare settings. Although initially reported as having a backdoor, further analysis revealed the problem was due to poor design rather than a malicious actor.
The New York Blood Center Enterprises (NYBC), a vital organization responsible for supplying blood and blood products to hospitals across the region, has fallen victim to a ransomware attack. The incident has significantly disrupted its IT systems, forcing the organization to implement emergency measures while cybersecurity experts work to prevent the threat.
A backdoor has been discovered in the Contec CMS8000 patient monitor, a device manufactured by a Chinese company. This backdoor allows for remote code execution and data exfiltration, potentially sending patient data to a hardcoded IP address in China. This incident underscores serious concerns about the security of medical devices and the potential for supply chain attacks, particularly when sensitive patient data is involved. This has resulted in warnings from CISA and FDA.
A cyberattack caused a major incident at the UK’s Wirral University Teaching Hospital (WUTH), resulting in postponed appointments and procedures and a system outage. The hospital moved to paper-based methods and continues to experience disruptions. This highlights the vulnerability of healthcare systems to cyberattacks and the potential for serious disruption to patient care.
A report reveals LifeLabs, a Canadian medical testing company, failed to adequately protect customer data in a 2019 ransomware attack. The breach exposed the personal health information of 15 million and personally identifiable information of 8.6 million Canadians. The findings highlight critical shortcomings in LifeLabs’ cybersecurity practices and underscore the need for robust data protection measures in the healthcare sector. The four-year delay in releasing the report is also concerning.
This cluster covers a cyberattack that significantly disrupted services at Wirral University Teaching Hospital (WUTH) in the UK. The attack resulted in postponed appointments and procedures, highlighting the vulnerability of healthcare systems to cyberattacks and the potential impact on patient care. The incident underscores the need for robust cybersecurity measures within the healthcare sector.
A data breach at a French hospital exposed the medical records of over 750,000 patients. The attacker, known as “nears,” claimed responsibility for compromising multiple healthcare facilities in France.