Researcher Jason Sinchak on Recent Cyber Warnings About Contec CMS8000 Devices
A hidden reverse backdoor in low-cost vital sign monitors used globally in patient homes and healthcare settings is hardcoded with an IP address connecting to a Chinese government-funded education and research network, which poses serious potential privacy, safety and other concerns, said security researcher Jason Sinchak of ELTON.
Health-ISAC pulled quotes
While physiologic monitors, such as the affected Contec CMS8000 devices, do not provide life-saving or life-sustaining treatment, they are essential to monitor the condition of at-risk patients, said Phil Englert, medical device security vice president at the Health Information Sharing and Analysis Center (Health-ISAC).
“Patient monitors are monitored centrally to promptly notify caregivers of changes in a patient’s condition. Rapid response can be the difference between a good outcome and a bad outcome,” Englert said.
Healthcare providers are encouraged to evaluate the risks and potential impacts to clinical workflow and clinical outcomes before making changes to the connectivity of monitoring systems,” he said. “If connectivity is maintained, ensure adequate network access controls, segmentation and network traffic monitoring are in place to prevent, detect, and respond to unexpected communications or network activity,” he suggested.
Read the full article in Healthcare InfoSecurity. Click Here
