A popular medical monitor is the latest device produced in China to receive scrutiny for its potential cyber risks.  However, it is not the only health device we should be concerned about. Experts say the proliferation of Chinese health-care devices in the U.S. medical system is a cause for concern across the entire ecosystem. 

The Contec CMS8000 is a popular medical monitor that tracks a patient’s vital signs.  The device tracks electrocardiograms, heart rate, blood oxygen saturation, non-invasive blood pressure, temperature, and respiration rate.  In recent months, the FDA and the Cybersecurity and Infrastructure Security Agency (CISA) both warned about a “backdoor” in the device, an “easy-to-exploit vulnerability that could allow a bad actor to alter its configuration.”  

CISA’s research team described “anomalous network traffic” and the backdoor “allowing the device to download and execute unverified remote files” to an IP address not associated with a medical device manufacturer or medical facility but a third-party university — “highly unusual characteristics” that go against generally accepted practices, “especially for medical devices.”

“When the function is executed, files on the device are forcibly overwritten, preventing the end customer—such as a hospital—from maintaining awareness of what software is running on the device,” CISA wrote.

The warning says such configuration alteration could lead to, for instance, the monitor saying that a patient’s kidneys are malfunctioning or breathing is failing, which could cause medical staff to administer unneeded remedies that could be harmful.

The Contec vulnerability doesn’t surprise medical and IT experts who have warned for years that medical device security is too lax.

Hospitals are worried about cyber risks

“This is a huge gap that is about to explode,” said Christopher Kaufman, a business professor at Westcliff University in Irvine, California, who specializes in IT and disruptive technologies, specifically referring to the security gap in many medical devices.

The American Hospital Association, which represents over 5,000 hospitals and clinics in the U.S., agrees. It views the proliferation of Chinese medical devices as a serious threat to the system. 

As for the Contec monitors specifically, the AHA says the problem urgently needs to be addressed. 

“We have to put this at the top of the list for the potential for patient harm; we have to patch before they hack,” said John Riggi, national advisor for cybersecurity and risk for the American Hospital Association.  Riggi also served in FBI counterterrorism roles before joining the AHA. 

CISA reports that no software patch is available to help mitigate this risk, but in its advisory said the government is currently working with Contec. 

Contec, headquartered in Qinhuangdao, China,  did not return a request for comment. 

One of the problems is that it is unknown how many monitors there are in the U.S. 

“We don’t know because of the sheer volume of equipment in hospitals. We speculate there are, conservatively, thousands of these monitors; this is a very critical vulnerability,” Riggi said, adding that Chinese access to the devices can pose strategic, technical, and supply chain risks. 

In the short-term, the FDA advised medical systems and patients to make sure the devices are only running locally or to disable any remote monitoring; or if remote monitoring is the only option, to stop using the device if an alternative is available. The FDA said that to date it is not aware of any cybersecurity incidents, injuries, or deaths related to the vulnerability.

The American Hospital Association has also told its members that until a patch is available, hospitals should make sure the monitor no longer has access to the internet, and is segmented from the rest of the network.
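One way to check that guidance against network flow logs, as an added example that is not from the article or from any agency advisory. The monitor segment range, the allow-listed on-site central station, and the flow records are all constructed assumptions.

```python
import ipaddress

# Assumed addressing plan; every value here is hypothetical, not from the article.
MONITOR_SEGMENT = ipaddress.ip_network("10.20.30.0/24")   # patient-monitor VLAN
ALLOWED_PEERS = {ipaddress.ip_address("10.20.40.5")}      # on-site central station
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.20.30.11", "10.20.40.5", 8443),    # monitor -> allow-listed station
    ("10.20.30.12", "203.0.113.77", 443),   # monitor -> address outside the site
    ("10.20.30.13", "10.40.0.9", 445),      # monitor -> another internal segment
    ("10.40.0.9", "10.20.30.11", 22),       # another segment -> monitor
    ("10.50.1.2", "198.51.100.4", 443),     # unrelated host, ignored
]

def classify(src, dst):
    """Return None for unrelated traffic, else 'ok' or a violation label."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_in, d_in = s in MONITOR_SEGMENT, d in MONITOR_SEGMENT
    if not (s_in or d_in):
        return None                      # flow does not involve a monitor
    if s_in and d_in:
        return "ok"                      # stays inside the monitor segment
    peer = d if s_in else s              # the endpoint outside the segment
    if peer in ALLOWED_PEERS:
        return "ok"
    if any(peer in net for net in INTERNAL_NETS):
        return "segmentation-violation"  # reaches the rest of the hospital network
    return "internet-exposure"           # reaches beyond the site

def audit(flows):
    """List every monitor flow that breaks the isolation policy."""
    findings = []
    for src, dst, port in flows:
        verdict = classify(src, dst)
        if verdict not in (None, "ok"):
            findings.append((src, dst, port, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Explicit RFC 1918 ranges are used instead of `ipaddress`'s `is_private`, which also returns true for documentation ranges such as 203.0.113.0/24 and would hide the external flow in this sample.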

Riggi said that while the Contec monitors are a prime example of what we don’t often consider among health care risk, it extends to a range of medical equipment produced overseas. Cash-strapped U.S. hospitals, he explained, often buy medical devices from China, a country with a history of installing destructive malware inside critical infrastructure in the U.S. Low-cost equipment buys the Chinese potential access to a trove of American medical information that can be repurposed and aggregated for all sorts of purposes. Riggi says data is often transmitted to China with the stated purpose of monitoring a device’s performance, but little else is known about what happens to the data beyond that.

Riggi says the acute medical risk to individuals is less of a concern than the information being collected, aggregated and repurposed, which puts the larger medical system at risk. Still, he points out that, at least theoretically, it can’t be ruled out that prominent Americans with medical devices could be targeted for disruption.

“When we talk to hospitals, CEOs are surprised, they had no idea about the dangers of these devices, so we are helping them understand. The question for government is how to incentivize domestic production, away from overseas,” Riggi said.

Chinese data collection on Americans

The Contec warning is similar at a general level to TikTok, DeepSeek, TP-Link routers, and other devices and technology from China that the U.S. government says are collecting data on Americans. “And that is all I need to hear in deciding whether to buy medical devices from China,” Riggi said. 

Aras Nazarovas, an information security researcher at Cybernews, agrees that the CISA threat raises serious issues that need to be addressed. 

“We have a lot to fear,” Nazarovas said. Medical devices, like the Contec CMS8000, often have access to highly sensitive patient data and are directly connected to life-saving functions.  Nazarovas says that when the devices are poorly defended, they become easy prey for hackers who can manipulate the displayed data, alter vital settings, or disable the device completely.  

“In some cases, these devices are so poorly protected that attackers can gain remote access and change how the device operates without the hospital or patients ever knowing,” Nazarovas said. 

The consequences of the Contec vulnerability and vulnerabilities in an array of Chinese-made medical devices could easily be life-threatening.  

“Imagine a patient monitor that stops alerting doctors to a drop in a patient’s heart rate or sends incorrect readings, leading to a delayed or wrong diagnosis,” Nazarovas said. According to the government warning about the Contec CMS8000 and the Epsimed MN-120 (a different brand name for the same tech), these devices were configured to allow remote code execution by the remote server.

“This functionality can be used as an entry point into the hospital’s network,” Nazarovas said, leading to patient danger.  

More hospitals and clinics are paying attention. Bartlett Regional Hospital in Juneau, Alaska, does not use the Contec monitors but is always looking for risks. “Regular monitoring is critical as the risk of cybersecurity attacks on hospitals continues to increase,” says Erin Hardin, a spokeswoman for Bartlett.  

However, regular monitoring may not be enough as long as devices are made with poor security. 

Potentially making matters worse, Kaufman says, is that the Department of Government Efficiency is hollowing out departments in charge of safeguarding such devices. According to the Associated Press, many of the recent layoffs at the FDA are employees who review the safety of medical devices. 

Kaufman laments the likely lack of government supervision on what is already, he says, a loosely regulated industry. A U.S. Government Accountability Office report, as of January 2022, indicated that 53% of connected medical devices and other Internet of Things devices in hospitals had known critical vulnerabilities. He says the problem has only gotten worse since then. “I’m not sure what is going to be left running these agencies,” Kaufman said.

“Medical device issues are widespread and have been known for some time now,” said Silas Cutler, principal security researcher at medical data company Censys. “The reality is that the consequences can be dire – and even deadly. While high-profile individuals are at heightened risk, the most impacted are going to be the hospital systems themselves, with cascading effects on everyday patients.”  

CNBC Daily Open: SoftBank goes all in on OpenAI as ‘Big Short’ investor issues caution on AI firms

Jensen Huang, co-founder and chief executive officer of Nvidia Corp., left, and Masayoshi Son, chairman and chief executive officer of SoftBank Group Corp., during a fireside chat at the Nvidia AI Summit Japan in Tokyo, Japan, on Wednesday, Nov. 13, 2024.

Akio Kon | Bloomberg | Getty Images

SoftBank is selling its entire stake in Nvidia — but not for the reasons you might think.

In its earnings statement released Tuesday, the Japanese group said that it had sold 32.1 million Nvidia shares in October for $5.83 billion.

At first blush, this could be read as a sign that Nvidia’s high valuations are causing SoftBank some unease. And if SoftBank — which infamously pumped $18.5 billion into WeWork only to value it at $2.9 billion eventually — is tamping down on its usual optimism regarding its investments, then retail traders should probably pay attention.

Adding to such worries are comments by Michael Burry — who bet against subprime mortgages before they caused a whole financial crisis in 2008 — on major artificial intelligence companies.

Burry wrote Monday in a post on X that those firms are “understating depreciation” of AI chips, which “artificially boosts earnings — one of the more common frauds of the modern era.”  CNBC could not independently confirm that companies were practicing this.

This doesn’t seem to be SoftBank’s concern, however. A person familiar with the group’s sale told CNBC that it had nothing to do with AI valuations. On the contrary, cash from offloading Nvidia chips will be redirected to SoftBank’s $22.5 billion investment in OpenAI, the person said.

Burry said in his post that he will reveal “more details” on Nov. 25, and exhorted readers to “stay tuned.” That might not be enough enticement for SoftBank CEO Masayoshi Son.

— CNBC’s Yun Li, April Roach and Dylan Butts contributed to this report.

Singapore sees further cooperation between ASEAN and EU on digital economy, deputy PM says

Gan Kim Yong, Singapore’s deputy prime minister, during a panel session, at the World Economic Forum (WEF) in Davos, Switzerland, on Tuesday, Jan. 21, 2025.  

Stefan Wermuth | Bloomberg | Getty Images

Despite rising trade tensions, Singapore still wants to push ahead with a “multilateral, rules-based trading system,” and sees further cooperation between ASEAN and the European Union.

This was according to Deputy Prime Minister Gan Kim Yong, who spoke at the Singapore Fintech Festival on Wednesday.

Gan, who is also Singapore’s minister for trade and industry, said in a fireside chat with DBS CEO Tan Su Shan that “if we are able to bring both EU and ASEAN together to discuss a digital economic agreement between EU and ASEAN, I think there will be a major breakthrough.”

He also added, “EU will not be part of ASEAN. ASEAN will not be part of EU, but it doesn’t stop [the] EU and ASEAN [to] come together to discuss areas that we can work together.”

Gan did say however, that this will take time, and the two sides will first discuss a digital economic collaboration, “how we can set out basic rules, and then consider next steps.”

Southeast Asia’s digital economy stands at over $300 billion in 2025 in gross merchandise value, according to the 2025 Google e-Conomy SEA report.

He said he hoped that ASEAN will have a digital economy agreement with the EU, as well as for the Southeast Asian bloc to work with the Gulf Cooperation Council and the CPTPP to find ways to facilitate trade investment.

The CPTPP refers to the 11-member Comprehensive and Progressive Agreement for Trans-Pacific Partnership that was formed after U.S. President Donald Trump pulled out of the Trans-Pacific Partnership in his first term.

“So I think there are a lot of opportunities still, despite the headwinds and the uncertainties we are seeing.”

Separately, Gan also said that Singapore would like to work with partners to think about how the World Trade Organisation can be transformed.

“WTO is still [an] important foundation for this rules-based trading system,” he said.

“We will need to transform because the current design architecture of WTO may no longer be workable, and it’s important for us to come together to discuss what is the way forward, what are the areas that require transformation,” Gan added.

Nvidia supplier Foxconn third-quarter profit beats expectations, rising 17% on AI demand

Foxconn Chairman Young Liu delivers a speech during the Hon Hai Tech Day in Taipei on Oct. 18, 2023.

I-hwa Cheng | AFP | Getty Images

Foxconn, the world’s largest contract electronics maker, said Wednesday that its third-quarter profit jumped 17% from a year earlier, driven by growth in its artificial intelligence server business.

Here’s how Foxconn did in the September quarter compared with LSEG SmartEstimates, which are weighted toward forecasts from analysts who are more consistently accurate:

  • Revenue: 2.06 trillion New Taiwan dollars ($66.29 billion) vs. NT$2.06 trillion expected
  • Net profit: NT$57.67 billion vs. NT$50.41 billion

Foxconn, formally known as Hon Hai Precision Industry, is best known as the world’s largest manufacturer of Apple’s iPhones, but has been shifting into other business avenues, including AI. The firm manufactures server racks designed for AI workloads and has become a key partner to American AI chip darling Nvidia.

The company said it expects operations in the second half of the year — the traditional peak season — to maintain continuous quarterly growth, citing stronger AI server shipments and rising demand for information and communications technology products.

However, Foxconn cautioned that global political and economic uncertainty, along with exchange rate fluctuations, will require continued close monitoring.

Foxconn reported that its ‘Cloud and Networking’ segment saw strong year-on-year growth, supported by demand for AI server racks.

Foxconn’s server manufacturing business is currently in a strong growth phase, underpinned by robust demand, Ivan Lam, a senior analyst at Counterpoint Research, told CNBC.

The company is leveraging its dominance in contract manufacturing to secure both current and future orders, Lam said, describing it as a clear case of “follow the cash” strategy that involves sacrificing some consumer electronics orders.

He added that Foxconn’s pivot toward high-growth server manufacturing “is clearly paying off,” even as it trades parts of its consumer electronics footprint for longer-term momentum.

While component price volatility, currency swings, and logistics challenges can pressure margins, Lam said he expects Foxconn’s fourth-quarter results to “remain favorable.”

The electronics contract manufacturer also said it is partnering with Nvidia, Stellantis and Uber to build so-called “Level 4” autonomous vehicles, which don’t require a safety driver to be present.

Recently, Foxconn signed a memorandum of understanding with Mitsubishi Electric on Nov. 6 to jointly supply energy-efficient AI data center solutions globally. Besides AI data centers, Foxconn and Mitsubishi Electric plan to explore additional new business models and solutions using their combined technological and knowledge capabilities.
