CISA Warns of Backdoor in Patient Monitors

CISA and the FDA have issued urgent warnings about security flaws in certain patient monitors. These vulnerabilities could let hackers access and manipulate device data remotely.

A report identified CVE-2025-0626, a critical flaw with a CVSS v4 score of 7.7. The affected monitors send remote access requests to a hard-coded IP address, bypassing network settings. As a result, hackers can upload and overwrite files on the device.

Additionally, researchers found two other severe vulnerabilities:

  • CVE-2024-12248 (CVSS 9.3): Allows remote code execution through crafted UDP requests.
  • CVE-2025-0683 (CVSS 8.2): Sends plain-text patient data to a public IP address, exposing sensitive records.

These flaws make unauthorized access easier. A report found that the hard-coded IP address belongs to a third-party university, not a medical facility or manufacturer. Therefore, attackers could exploit this to steal patient data or alter device functions, putting healthcare facilities at risk.

The security flaws affect multiple versions of the CMS8000 Patient Monitor and its rebranded version, the Epsimed MN-120. Since no patches exist, organizations must take immediate precautions.

Recommended Actions

Because no fixes are available, CISA urges hospitals to disconnect affected monitors from their networks. Additionally, staff should watch for unusual device behavior, such as incorrect patient vitals.
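
One way to confirm that monitors are actually isolated, or to spot the outbound behavior described above, is to check network flow records for monitor addresses contacting anything outside the hospital's own address space. The Python example below is added here and is not from CISA, the FDA, or the report the article cites. The log format, the monitor inventory, and every address in it are constructed for illustration, and the internal ranges are an assumption to adjust per site.

```python
import ipaddress
from collections import defaultdict

# Assumption: ranges treated as internal or non-routable at this site (IPv4 only).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "224.0.0.0/4", "255.255.255.255/32")]

# Constructed inventory of patient-monitor addresses (hypothetical).
MONITOR_IPS = {"10.20.30.11", "10.20.30.12"}

# Constructed flow records: "timestamp src dst proto dport bytes".
SAMPLE_FLOWS = """\
2025-02-01T10:00:01Z 10.20.30.11 10.20.1.5 tcp 6000 1200
2025-02-01T10:00:03Z 10.20.30.11 203.0.113.50 tcp 9999 48211
2025-02-01T10:00:04Z 10.20.30.12 224.0.0.251 udp 5353 90
2025-02-01T10:00:09Z 10.20.40.7 198.51.100.9 tcp 443 5100
2025-02-01T10:01:03Z 10.20.30.11 203.0.113.50 tcp 9999 51877
malformed line
2025-02-01T10:02:00Z 10.20.30.12 198.51.100.77 udp 4000 300
"""

def is_external(addr):
    """True if addr is outside every range listed in INTERNAL_NETS."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def external_flows(log_text, monitors=MONITOR_IPS):
    """Map (monitor, external_dst) -> flow and byte totals for traffic leaving the site."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        _, src, dst, _, _, nbytes = parts
        try:
            size = int(nbytes)
            outbound = src in monitors and is_external(dst)
        except ValueError:
            continue  # unparsable address or byte count
        if outbound:
            hits[(src, dst)]["flows"] += 1
            hits[(src, dst)]["bytes"] += size
    return dict(hits)

if __name__ == "__main__":
    for (src, dst), t in sorted(external_flows(SAMPLE_FLOWS).items()):
        print(f"monitor {src} -> external {dst}: {t['flows']} flows, {t['bytes']} bytes")
```

Because no patches exist, any hit from a check like this means the device still has a network path out and should be isolated.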

Preventing Future Risks

Manufacturers must prioritize cybersecurity when designing medical devices. For example, encrypting data, conducting regular security audits, and removing hard-coded access points can prevent future breaches. Healthcare providers should also stay updated on security alerts to protect patient data effectively.