FDA Warns of Cybersecurity Risks in Contec and Epsimed Patient Monitors
January 31, 2025
by Nick Paul Taylor

The FDA has flagged serious cybersecurity vulnerabilities in certain Contec and Epsimed patient monitors, warning that unauthorized users could remotely access, manipulate, or disable these devices. The vulnerabilities include a hidden backdoor in the software, allowing attackers to bypass security controls and potentially compromise patient safety by altering vital sign data or preventing proper device function. While there have been no reported incidents, injuries, or deaths linked to these vulnerabilities, the Cybersecurity and Infrastructure Security Agency (CISA) has classified the risk as severe, emphasizing the potential for data breaches and disruptions in patient monitoring.
To mitigate these risks, the FDA is advising healthcare IT staff to disable remote monitoring, disconnect affected devices from the internet, and, if necessary, stop using them entirely. Without an available software patch to resolve the issue, continuing to use the monitors with wireless capabilities enabled leaves them vulnerable to cyber threats. The warning highlights broader concerns about the growing threat to healthcare cybersecurity, as data breaches in the industry have skyrocketed in recent years, endangering both patient privacy and safety.