Please see the Virginia Fusion Center (VFC) Health/Cyber Aware Sector Specific Bulletin attached below concerning cyber security vulnerabilities with Contec Medical Systems patient monitoring equipment.

Chris Leonard
Regional Healthcare Coordination Center (RHCC) Manager
E-mail: cleonard@PROTECTED
Office: 757-963-0632 x324 | Cell: 757-513-4709
Toll Free: 844-757-TEMS (8367) | Fax: 757-963-2325
RHCC Activation: 844-757-7422
Eastern Virginia Healthcare Coalition
Tidewater EMS Council, Inc.
1104 Madison Plaza, Ste 101, Chesapeake, VA 23320

From: VFC Shield <VFCShield@PROTECTED>
Sent: Wednesday, February 5, 2025 11:40 AM
To: Chris Leonard <cleonard@PROTECTED>
Subject: Health/CyberAware Sector Specific Bulletin - Cybersecurity Vulnerabilities With Patient Monitors

Health/CyberAware Sector Specific Bulletin
Cybersecurity Vulnerabilities With Certain Patient Monitors
VFC Product # 244278010

VFC Health/CyberAware Shield Members,

The Shield Program received notifications from CISA and the FDA advising of vulnerabilities contained in certain patient monitors used by the US Healthcare and Public Health Sector. An analysis of three firmware package versions of the Contec CMS8000 found an embedded backdoor function with a hard-coded IP address and functionality that enables patient data spillage. These monitors may be re-labeled and sold by resellers.

Contec Medical Systems, the company which manufactures this monitor as well as other medical device and healthcare solutions, is headquartered in Qinhuangdao, China. The Contec CMS8000 is used in medical settings across the U.S. and European Union to provide continuous monitoring of a patient's vital signs, tracking electrocardiogram, heart rate, blood oxygen saturation, non-invasive blood pressure, temperature, and respiration rate. CISA assesses that inclusion of this backdoor in the firmware of the patient monitor can create conditions which may allow remote code execution and device modification with the ability to alter its configuration. This introduces risk to patient safety as a malfunctioning patient monitor could lead to an improper response to patient vital signs.

Follow the links below for more information and recommended actions.

-VFC Shield

This is an open-source product. Redistribution is encouraged.

The opinions or conclusions of the authors reflected in the open source articles and resources are not endorsed and/or do not necessarily reflect the opinion of the Virginia Fusion Center. The sources have been selected to provide you with event information to highlight available resources designed to improve public safety and reduce the probability of becoming a victim of a crime.

