Feds warn hospitals of cybersecurity risk in Chinese-made medical monitor

A widely used medical monitor manufactured in China is under scrutiny due to potential cybersecurity risks, CNBC reported Feb. 23.

The FDA and the Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about the Contec CMS800, a device used to monitor patients’ vital signs, citing the presence of a “backdoor”—a security vulnerability that hackers could easily exploit.

CISA’s investigation revealed that the device was transmitting unusual network data and had a backdoor allowing it to download and execute unverified files from a third-party university—an uncommon and concerning behavior for medical equipment. The agency also found that these downloads overwrite existing files, preventing hospitals from tracking which software is running on the device.

Currently, no software patch is available to address the issue. CISA said it is collaborating with government agencies and Contec to mitigate the risk. Contec did not respond to CNBC’s request for comment.

It remains unclear how many of these monitors are in use across the U.S.

In response to the warning, the American Hospital Association advised hospitals to disconnect the monitors from the internet and isolate them from their broader networks until a fix becomes available.
