Backdoor found in two healthcare patient monitors, linked to IP in China

CISA warns of a backdoor in Contec CMS8000 healthcare patient monitors, sending patient data to a Chinese university IP address and allowing remote file execution. The backdoor, discovered in the firmware, enables remote control and data transmission over an unsecured protocol, raising concerns about patient privacy and device security. Despite CISA’s efforts to address the issue with Contec, no patch is currently available, leaving healthcare organizations vulnerable.