Chinese medical devices are in health systems across U.S., and the government and hospitals are worried
Published Sun, Feb 23 2025 10:14 AM EST
Updated Mon, Feb 24 2025 4:19 PM EST
Kevin Williams
KEY POINTS
Chinese-made medical devices pose an imminent threat, warn the FDA, CISA and the American Hospital Association.
The federal government's cyber watchdog recently discovered a “backdoor” that can easily be exploited on a widely used piece of hospital monitoring equipment.
Chinese-made medical devices are found in almost every corner of the health-care ecosystem due to relatively low costs, and there are at least thousands of these monitors in hospitals and clinics across the U.S.
The government did note it is working with the device maker Contec on the vulnerability and no known cyber incidents or specific health risks have resulted from the issue to date.
CISA's research team described "anomalous network traffic" and the backdoor "allowing the device to download and execute unverified remote files" to an IP address not associated with a medical device manufacturer or medical facility but a third-party university — "highly unusual characteristics" that go against generally accepted practices, "especially for medical devices."
"When the function is executed, files on the device are forcibly overwritten, preventing the end customer—such as a hospital—from maintaining awareness of what software is running on the device," CISA wrote.
The warning says such configuration alteration could lead to, for instance, the monitor saying that a patient's kidneys are malfunctioning or breathing is failing, and that could cause medical staff to administer unneeded remedies that could be harmful.
The officials think ordinary people's medical expenses still aren't high enough.