DDoS
“CISA Warns of Possible DDoS Risk in Contec Patient Monitor Medical devices”
https://www.scmagazine.com/analysis/device-security/cisa-warns-of-possible-ddos-risk-in-contec-patient-monitor-medical-devices
In September 2022, CISA reported that Contec Health patient monitor medical devices—namely, the CME8000—are vulnerable to possible threat actor attacks, such as mass DDoS attacks or malicious firmware updates—anywhere Contec Health patient monitor medical devices are used due to security bugs in the devices. One bug is that uncontrolled resource consumption causes failures in the parsing of malformed network data in the CMS800, for example. The bugs could be exploited by threat actors looking to gain control of health networks or sensitive data. This report is significant because it shows that the lack of security in the devices makes employees and patients vulnerable to a threat actor. One possible solution for addressing this issue is to improve authentication/controls that would prevent a threat actor from accessing the network through the devices; fix security bugs in the CME8000.
Who, What, When, Where, Why, How, So What?!, possible Solution
Who: Contec Health patient monitor medical devices
What: possible mass DDoS attack on all CME8000 devices and other Contec devices connected to the same network, malicious firmware
When: Reported in September 2022
Where: anywhere Contec Health patient monitor medical devices are used
Why: to gain access to or control of health systems/data
You’re 67% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.