@www.fda.gov - 27d
The Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued warnings regarding a critical security flaw in Contec CMS8000 patient monitors. These monitors, manufactured by a Chinese company, contain a hidden backdoor that allows for unauthorized remote access. This backdoor enables the devices to connect to a hard-coded IP address located at a third-party university in China, potentially allowing the download and execution of unverified files. The vulnerabilities, tracked as CVE-2025-0626 and CVE-2025-0683, impact all analyzed firmware versions of the device.
The discovered backdoor poses a significant risk to patient safety and data privacy. It allows malicious actors to modify device settings, execute arbitrary code, and alter displayed vital signs. Furthermore, patient data, including personal and health information, is sent in plain text to the hard-coded IP address. This unauthorized exfiltration of sensitive information and the potential for device manipulation could lead to improper medical responses and endanger patient well-being. CISA has stated that the backdoor is unlikely to be a normal update mechanism, noting that it lacks any integrity checking or version tracking, which makes it difficult for hospitals to detect compromised devices.
References:
- BleepingComputer: The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device.
- CISA: CISA has an 11-page warning that a patient monitor known as Contec CMS8000 has an embedded backdoor with a hardcoded IP address which enables patient data spillage, or remote code execution (CISA puts forth a scenario where the device is altered to display inaccurate patient vital signs, which poses a serious risk to patients' safety).
- BleepingComputer: Backdoor found in two healthcare patient monitors, linked to IP in China
- www.helpnetsecurity.com: Patient monitors with backdoor are sending info to China, CISA warns
- socradar.io: CISA Warns of Backdoor in Contec CMS8000 Patient Monitors
- The Hacker News: CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
- cyberinsider.com: CISA issues a warning about a backdoor in Contec CMS8000 patient monitors, highlighting the risk of remote code execution and patient data exfiltration.
- Help Net Security: Patient monitors with backdoor are sending info to China, CISA warns.
- thecyberexpress.com: Critical Flaws in Contec CMS8000 Allow Remote Code Execution and Patient Data Theft
- CyberInsider: Contec Monitors Used in U.S. Hospitals Carry Chinese Backdoor
- securityaffairs.com: The U.S. CISA and the FDA warned of a hidden backdoor in Contec CMS8000 and Epsimed MN-120 patient monitors.
- Information about the backdoor found in Contec patient monitors.
- securityonline.info: The Contec CMS8000 patient monitors are vulnerable to remote attacks.
- ciso2ciso.com: Backdoor in Chinese-made healthcare monitoring device leaks patient data – Source: www.csoonline.com
- securityboulevard.com: Critical ‘Backdoor’ Discovered in Widely Used Healthcare Patient Monitors
- www.csoonline.com: Contec CMS8000 patient monitors are found to have a hidden backdoor that transmits patient data to a hardcoded IP address and executes files remotely.
- Security Boulevard: Critical ‘Backdoor’ Discovered in Widely Used Healthcare Patient Monitors
- therecord.media: CyberScoop article about the vulnerabilities in the monitors.
- Pyrzout :vm:: Contec CMS8000 patient monitors contain a hidden backdoor – Source: securityaffairs.com
- ciso2ciso.com: Contec CMS8000 patient monitors contain a hidden backdoor – Source: securityaffairs.com
- securityboulevard.com: Healthcare Crisis Emerges: Cybersecurity Vulnerabilities in Patient Monitors Confirmed by FDA
- Vulnerability-Lookup: A new bundle, CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware, has been published on Vulnerability-Lookup:
- securityonline.info: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding the Contec CMS8000 patient monitors.
- securityonline.info: CISA Warns of Hidden Backdoor in Contec CMS8000 Patient Monitors
- www.cysecurity.news: The U.S. Food and Drug Administration (FDA) has issued a safety communication highlighting cybersecurity vulnerabilities in certain patient monitors manufactured by Contec and relabeled by Epsimed.
- ciso2ciso.com: This news alert brings light to a critical backdoor discovered in widely used healthcare patient monitors.
- ciso2ciso.com: Critical ‘Backdoor’ Discovered in Widely Used Healthcare Patient Monitors
- Security Boulevard: CISA/FDA Warn: Chinese Patient Monitors Have BAD Bugs
- securityboulevard.com: CISA/FDA Warn: Chinese Patient Monitors Have BAD Bugs
- claroty.com: Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated…
- www.heise.de: Medical surveillance monitor: Backdoor discovered in Contec CMS8000. Attackers can attack medical hardware from Contec, which can result in malicious code getting onto devices. There has been no security update to date.
- Claroty: There was increased interest in the healthcare industry's patient monitors after CISA warned on 31 January 2025 that . Claroty's Team82 actually previously investigated the firmware and reached the conclusion that it is most likely not a hidden backdoor, but instead an insecure/vulnerable design that introduces great risk to the patient monitor users and hospital networks. Their conclusion is mainly based on the fact that the vendor—and resellers who re-label and sell the monitor—list the IP address in their manuals and instruct users to configure the Central Management System (CMS) with this IP address within their internal networks. h/t: ; cc: Note: there are associated vulnerabilities: (CVSSv4: 7.7 / v3.1: 7.5 high) Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor; (CVSSv4: 8.2 high / v3.1: 5.9 medium) Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor.
Guru Baran@Cyber Security News - 26d
The New York Blood Center Enterprises (NYBC), a major provider of blood and blood products, has been targeted by a ransomware attack, severely impacting its IT systems. The incident, which was detected on Sunday, January 26th, forced NYBC to take systems offline as a precautionary measure to contain the threat. Cybersecurity experts were immediately engaged and an investigation was launched in conjunction with law enforcement. While the organization is working to restore services, it has noted that operations will be affected and that it is deploying workaround solutions to minimize the disruption. The attack has raised concerns about potential impacts on critical blood donation and distribution services across the region.
NYBC has emphasized that it remains focused on the health of the communities it serves and is taking all possible steps to restore its IT infrastructure. The organization is working with hospital partners to maintain services, while also expressing gratitude for support from the healthcare community during this time. There is currently no indication whether or not sensitive patient or donor data has been compromised, nor has any information on ransom demands been provided. The attack underscores the increasing vulnerability of healthcare entities to cyberattacks and the potential risks associated with these kinds of malicious activities.
References:
- Cyber Security News: News about the ransomware attack on the New York Blood Center.
- gbhackers.com: New York Blood Center Targeted by Ransomware, IT Operations Impacted
- Security Boulevard: Ransomware Scum — Out For Blood: NYBCe is Latest Victim
- securityboulevard.com: Security Boulevard reports on the NYBC ransomware attack and its impact.
- gbhackers.com: Tata Technologies, a leading provider of engineering and IT services, has reported a ransomware attack on its IT infrastructure.
- www.cybersecurity-insiders.com: Tata Technologies, an India-based multinational in the technology engineering sector, has released a press statement saying that all of its IT services were suspended as a precautionary measure to mitigate cyber risks associated with the attack.
- bsky.app: The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments.
- BleepingComputer: The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments.
- securityaffairs.com: Security Affairs article on the ransomware attack against the New York Blood Center.
- Pyrzout :vm:: Another article covering the NYBC ransomware incident.
- ciso2ciso.com: A ransomware attack forced New York Blood Center to reschedule appointments – Source: securityaffairs.com
- www.scworld.com: New York Blood Center Enterprises, one of the leading independent blood centers across the U.S., had its blood drives and donation center activities deferred following a ransomware attack.
@www.bleepingcomputer.com - 19d
Hospital Sisters Health System (HSHS) has notified over 882,000 patients about a significant data breach stemming from a cyberattack in August 2023. The breach exposed the personal and health information of these individuals, raising concerns about data security within the healthcare sector. HSHS, established in 1875, operates a network of 15 local hospitals across Illinois and Wisconsin and works with over 2,200 physicians.
The health system discovered the security breach on August 27, 2023, after detecting unauthorized access to its network. Following the discovery, HSHS initiated an investigation to assess the scope and impact of the incident. The notification sent to patients confirmed that the cyberattack led to the compromise of their personal data, emphasizing the importance of vigilance regarding potential misuse of the exposed information.
References:
- BleepingComputer: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information.
- securityaffairs.com: The cyberattack on Hospital Sisters Health System in 2023 compromised the personal information of 883,000 individuals.
- www.bleepingcomputer.com: US health system notifies 882,000 patients of August 2023 breach
- Anonymous :af:: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information.
- BleepingComputer: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach.
@securityaffairs.com - 90d
A major cyberattack has hit Wirral University Teaching Hospital (WUTH) in the UK, causing a significant disruption to its operations. The attack, publicly disclosed on Monday, led to a system outage forcing the hospital to rely on paper-based methods for managing appointments and procedures. Many appointments and scheduled procedures have been postponed as a result of this incident, highlighting the vulnerability of healthcare systems to cyberattacks and the potential for serious disruption to patient care.
The incident prompted WUTH, which includes Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children's Hospital, to implement its business continuity plans. Staff are now using manual processes to maintain essential services, while emergency services remain strained. The hospital has urged the public to only attend the Emergency Department for genuine emergencies. Further details regarding the nature of the attack remain undisclosed.
While the hospital is working closely with national cybersecurity services to restore normal operations, the incident underscores the urgent need for robust cybersecurity measures within the healthcare sector. The reliance on paper-based systems, a temporary solution, is causing delays and disruptions in patient care, demonstrating the far-reaching impact of such attacks. The ongoing situation emphasizes the critical importance of investing in and maintaining strong digital security infrastructure to protect patient data and ensure the continuous delivery of essential healthcare services.
References:
- infosec.exchange: Mastodon post from @infosecnews regarding the cyberattack impacting Wirral University Teaching Hospital.
- securityaffairs.com: Security Affairs discusses the cyberattack that affected the UK's Wirral University Teaching Hospital, leading to appointment and procedure delays.
- www.bleepingcomputer.com: BleepingComputer reports on the cyberattack that caused systems outages at Wirral University Teaching Hospital.
- infosec.exchange: Infosec.exchange shares the news of a cyberattack at the UK's Wirral University Teaching Hospital.
- bsky.app: Social media post mentioning the cyberattack on Wirral University Teaching Hospital.
- malware.news: News about a cyberattack at a UK hospital that caused outpatient appointments to be cancelled.
- www.scworld.com: Report on a cyberattack at a UK hospital that caused the postponement of procedures.
- kim_harding: Mastodon post about a cyberattack impacting the UK’s Wirral University Teaching Hospital.
- infosec.exchange: Post mentioning a cyberattack on UK’s Wirral University Teaching Hospital.
- infosec.exchange: Infosec.exchange post reports on a cyberattack on UK’s Wirral University Teaching Hospital, leading to systems outage and postponed procedures.
- malware.news: Wirral University Teaching Hospital NHS Trust in the UK suffered a cyberattack that led to IT system outages, forcing staff to use manual processes and causing delays in patient services.
- www.theregister.com: Another report on the cyberattack
- bsky.app: A cyberattack on UK’s Wirral University Teaching Hospital has forced systems offline, delaying procedures & moving operations to paper-based methods
- infosec.exchange: Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures.
- securityaffairs.com: UK’s Wirral University Teaching Hospital suffered a cyberattack that caused delays in appointments and procedures.
@claroty.com - 23d
The FDA and CISA have issued warnings regarding cybersecurity vulnerabilities found in Contec CMS8000 and Epsimed MN-120 patient monitors. These monitors, often used for remote patient care in homes and hospice settings, present potential risks when connected to the internet. The agencies advise users to disconnect these devices from the network where possible.
These vulnerabilities could allow unauthorized access to and manipulation of the devices. CISA discovered a backdoor function with a hard-coded IP address in all analyzed firmware versions of the Contec CMS8000. The identified risks include the potential for unauthorized transmission of patient data and remote code execution, with one vulnerability carrying a critical CVSS score of 9.8. These patient monitors display vital patient information including temperature, heartbeat and blood pressure.
References:
- ciso2ciso.com: Critical ‘Backdoor’ Discovered in Widely Used Healthcare Patient Monitors – Source: securityboulevard.com
- securityboulevard.com: CISA/FDA Warn: Chinese Patient Monitors Have BAD Bugs
- www.heise.de: Medical surveillance monitor: Backdoor discovered in Contec CMS8000
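Both Contec CMS8000 items above come down to one observable behaviour: a monitor that should only talk to the hospital's own configured CMS server (the Claroty note in the first item) instead reaching a hard-coded address elsewhere. The following is an added example, not code from CISA, FDA, Claroty or the vendor: it scans Zeek-style conn.log lines and flags any known monitor connecting to anything other than the approved CMS host, rating non-RFC 1918 destinations highest. All addresses, ports and log lines are constructed placeholders; the page does not give the real hard-coded IP, so none is used.

```python
"""Egress check for a patient-monitor segment (added example, not code from
CISA, FDA, Claroty or the vendor). Flags any known monitor in Zeek-style
conn.log lines that talks to anything but the approved on-prem CMS server;
a non-RFC 1918 destination is HIGH, other unexpected peers are MEDIUM.
All addresses, ports and log lines are constructed placeholders.
"""
import ipaddress

# Constructed inventory (placeholders): monitors on the device VLAN and the CMS server they should use.
MONITORS = {"10.20.5.11", "10.20.5.12"}
APPROVED_CMS = {"10.20.1.50"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed conn.log-style lines (tab-separated): ts, uid, orig_h, orig_p, resp_h, resp_p, proto
SAMPLE_LOG = """\
1738300000.1\tC1\t10.20.5.11\t51000\t10.20.1.50\t5000\ttcp
1738300001.2\tC2\t10.20.5.11\t51001\t203.0.113.10\t5000\ttcp
1738300002.3\tC3\t10.20.5.12\t51002\t10.20.9.7\t80\ttcp
1738300003.4\tC4\t10.20.7.99\t40000\t203.0.113.10\t443\ttcp
"""

def parse_conn_line(line):
    """Return (src, dst, dport) from one line, or None if malformed."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    return fields[2], fields[4], int(fields[5])

def classify(src, dst, monitors=MONITORS, approved=APPROVED_CMS):
    """Severity of one flow: None if allowed, else 'MEDIUM' or 'HIGH'."""
    if src not in monitors or dst in approved:
        return None
    addr = ipaddress.ip_address(dst)
    internal = any(addr in net for net in RFC1918)
    return "MEDIUM" if internal else "HIGH"

def find_unexpected_egress(log_text, monitors=MONITORS, approved=APPROVED_CMS):
    """Scan conn.log text; return [(src, dst, dport, severity), ...]."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_conn_line(line)
        if parsed is None:
            continue
        src, dst, dport = parsed
        severity = classify(src, dst, monitors, approved)
        if severity:
            findings.append((src, dst, dport, severity))
    return findings

if __name__ == "__main__":
    for src, dst, dport, severity in find_unexpected_egress(SAMPLE_LOG):
        print(f"{severity}: monitor {src} -> {dst}:{dport}")
```

The same allowlist can be enforced rather than just detected with a firewall rule on the device VLAN, which is the practical form of the "disconnect where possible" advice above when the monitors still need the CMS.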