Healthcare cyberattacks surge, threatening patient safety nationwide

WASHINGTON D.C., UNITED STATES — The healthcare sector is grappling with an alarming rise in cyberattacks, threatening patient safety and data security.
Recent incidents include a ransomware attack on the New York Blood Center, which disrupted blood donations to over 200 U.S. hospitals, and a breach at Connecticut’s Community Health Center that exposed over one million medical records. These events underscore the vulnerabilities in critical healthcare systems.
FDA and CISA sound alarm over device vulnerabilities
In a joint advisory issued on January 30, the Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) flagged critical vulnerabilities in patient monitors manufactured by Contec Medical Systems.
These devices, including the Contec CMS8000 and its rebranded counterpart Epsimed MN-120, contain a backdoor that could allow remote control by hackers.
“This introduces risk to patient safety as a malfunctioning monitor could lead to an improper response to vital signs,” CISA warned.
The monitors, widely used across U.S. and European healthcare facilities, track vital signs such as heart rate, blood oxygen levels, and respiration. The vulnerabilities allow unauthorized users to remotely execute code, modify device configurations, and exfiltrate sensitive patient data.
No incidents yet, but risks loom large
While no injuries or deaths have been reported due to these vulnerabilities, the FDA has urged healthcare providers to remain vigilant. The agency advises disconnecting affected devices from the internet if they rely on remote monitoring features.
“Unplug the device and stop using it,” the FDA recommended for patients using these monitors at home.
Rising tide of cyber threats in healthcare
These warnings come amid escalating cybersecurity challenges in the healthcare industry. Data breaches have surged by over 100% in recent years, with high-profile incidents like the Change Healthcare breach affecting millions of patients.
Ransomware attacks have forced hospitals to cancel appointments and turn patients away, as seen in California’s NorthBay Healthcare breach last year.
Experts emphasize that outdated systems, third-party vendor risks, and inadequate cybersecurity measures exacerbate these threats.
Call for proactive measures
Healthcare organizations are urged to conduct gap analyses to identify vulnerabilities, update legacy systems, and implement robust cybersecurity protocols. Patients are also advised to stay informed about potential risks tied to their medical devices.
As cybercriminals increasingly target critical healthcare infrastructure, safeguarding patient safety requires immediate action from all stakeholders—providers, regulators, and technology manufacturers alike.