FDA announces software patch available for Contec, Epsimed patient monitors to address vulnerabilities

Jul 03, 2025 - 02:55 PM
cybersecurity-hand-lock-graphic_900x400

The Food and Drug Administration yesterday released a safety notice announcing a software patch is available to address cybersecurity vulnerabilities in certain Contec and Epsimed patient safety monitors. The patch completely removes networking functionality from the affected devices, making them functional for local monitoring only.

The Cybersecurity and Infrastructure Security Agency and FDA in January announced they discovered the monitors could be remotely controlled by an unauthorized user or not work as intended. The software also had a backdoor, potentially compromising networks the monitors may have been connected to. The announcement said the backdoor provided automated connectivity to an IP address linked to a third-party university.

The FDA said patients, caregivers and health care providers should not install the software patch themselves as it requires specialized expertise. The agency advised users to instead follow recommendations previously issued when the vulnerabilities were announced. The FDA advised health care facility staff to contact Contec at contact@ContecMed.com for the patch and installation instructions.

Related News Articles

Headline
ASPR releases cybersecurity module to conduct risk assessments 
The Administration for Strategic Preparedness and Response has released a new cybersecurity module for organizations to conduct risk assessments. The free…
Perspective
Staying Cyber Alert and Cyber Ready
Public
As the world has learned in recent years, today’s conflicts are fought with many weapons, and cyber warfare is an integral part of the arsenal.As of this…
Headline
FBI reminds of potentially malicious activity by Iranian cyber actors
The FBI is reminding critical infrastructure organizations to implement mitigations from a June 2025 fact sheet on potential actions by Iranian-affiliated…
Headline
CISA report updates findings on RESURGE malware attacks
The Cybersecurity and Infrastructure Security Agency Feb. 26 released a report that updates findings from last year on RESURGE malware used to gain covert…
Headline
Agencies issue guidance on exploitation of Cisco systems by cyber actors 
U.S. and international agencies Feb. 25 released guidance on protecting Cisco Software-defined Wide-area Networking systems from exploitation by malicious…
Headline
NSA issues guidelines on zero trust architecture
The National Security Agency has released two phases of its Zero Trust Implementation Guidelines for organizations to improve their zero trust architecture.…