
The presence of Chinese-manufactured medical devices in US healthcare centers is raising alarms among Americans who fear that China could hack into medical devices and threaten patient safety and data security.
The Contec CMS8000, a widely used Chinese medical monitor for vital signs, is another medical device recently discovered to have a critical security flaw. The Contec CMS8000 monitors heart rate, oxygen saturation, blood pressure, and other vital signs.
The FDA and the Cybersecurity and Infrastructure Security Agency (CISA) warned of a “backdoor” vulnerability in the Contec CMS8000 that allows hackers to remotely alter its settings. Such hacks on medical devices could result in false readings, causing harmful or unnecessary treatments.
Hacking Medical Devices
Medical devices that can be hacked have long been a worry for experts. Budget-constrained hospitals often rely on low-cost Chinese devices, which pose security risks. Hacking into medical devices can provide hackers with an entry point to sensitive patient data, raising concerns about potential data harvesting and exploitation.
John Riggi, national advisor for cybersecurity and risk at the American Hospital Association (AHA), stressed that hospitals should take medical devices that have been hacked off their networks, or shut down remote monitoring, until a reinforcement becomes available.
Aras Nazarovas, an information security researcher, noted that poorly protected medical devices are vulnerable to hacking by attackers, with potentially deadly consequences. Improved structures or disabled alarms could lead to significant delays in life-critical diagnoses and treatments, putting patients’ lives at risk.
The FDA advises hospitals to configure Contec monitors for local operation only and disconnect remote monitoring when possible. If remote access is necessary, hospitals should consider transitioning to devices with improved cybersecurity features.
The AHA has recommended isolating these devices from the network until a secure alternative is available.
Despite precautions, hospitals remain wary of Chinese hacking into medical devices. Bartlett Regional Hospital in Alaska, for example, has remained cautious and continued its efforts to review cybersecurity threats, even though it does not use Contec monitors.
Christopher Kaufman, a business professor at Westcliff University in Irvine, California, mentioned that the US government is facing budget problems in the offices responsible for monitoring the safety of medical devices, and this could make solving the medical device hacking issue even more challenging.
Medical Devices Security Challenges
The danger of hacking into medical devices is not new. According to a 2022 report by the US Government Accountability Office, 53% of networked medical devices faced critical vulnerabilities. Medical device hacking has only worsened since then, and experts indicate that hospitals and patients are more likely to be targeted by more severe cybersecurity attacks as more devices get connected to the internet.
“The reality is that the consequences can be dire – and even deadly. While high-profile individuals are at heightened risk, the most impacted are going to be the hospital systems themselves, with cascading effects on everyday patients,” said Silas Cutler, principal security researcher at medical data company Censys.
As the medical device market grows and innovates, hospitals should remain aware of cybersecurity vulnerabilities. The increase in Chinese medical devices may help with cost savings, but hospitals should balance those savings against the danger of cybersecurity exposure.