Next Generation Cybersecurity Tools Accelerate Discovery and Remediation of Critical Medical Device Vulnerabilities

New security analysis tools have led to the discovery of critical vulnerabilities in widely deployed hospital patient monitoring devices used for tracking vital signs and providing life-saving care. The discovery demonstrates how next-generation cybersecurity tools can dramatically improve the security of critical medical infrastructure across U.S. healthcare facilities.

The tools, developed under STR’s Automated Medical device Patching (AMdP) project with funding through ARPA-H’s DIGIHEALS program, enabled the discovery of security flaws in the Contec CMS8000 patient monitor that could allow malicious actors to gain control of the device and compromise patient safety. The findings triggered a January 30th FDA safety communication and technical advisory from the Cybersecurity and Infrastructure Security Agency (CISA). No security incidents involving these vulnerabilities have been reported.

Current approaches to finding vulnerabilities in medical devices rely on labor-intensive manual analysis of device firmware (known as binary analysis), often producing many false leads that security teams must investigate. AMdP represents a breakthrough in automation that rapidly identifies genuine vulnerabilities while filtering out false positives. This enables security teams to analyze thousands of devices across a hospital’s diverse medical equipment ecosystem using precise, targeted information about each vulnerability discovered.

AMdP combines STR’s automated vulnerability detection technology with Vector 35’s Binary Ninja commercial reverse engineering platform and Aarno Labs’ innovative firmware analysis and patching capabilities. Binary Ninja, an industry-leading platform for examining how devices operate at their most fundamental level, now hosts AMdP’s capabilities through its cloud-based enterprise infrastructure. This integration gives security teams powerful new automated tools for discovering vulnerabilities without requiring deep expertise in reverse engineering.

“With over 30 million legacy medical devices in U.S. healthcare facilities, and an estimated 6.2 vulnerabilities per device on average, manual security analysis cannot scale,” said Thomas Sherman, AMdP Principal Investigator at STR. “Our tools enable healthcare providers to rapidly assess their medical equipment, while giving device manufacturers new options for precise security fixes that could accelerate recertification.”

“Until now, finding and fixing vulnerabilities across 30 million legacy medical devices seemed impossible,” said David A. Markowitz Ph.D., Vice President for Health and Life Sciences at STR. “These new tools make that challenge solvable, offering a path to systematically improve healthcare cybersecurity nationwide.”

In addition to finding and disclosing the vulnerability, AMdP tools verified that the vendor’s firmware update correctly addressed the critical issue. Currently, a manufacturer’s update is opaque and difficult to evaluate, leaving end-users and regulators to trust that the manufacturer has implemented the fix correctly. Most manufacturers use ad-hoc testing, which only checks a limited set of scenarios. In contrast, Aarno Labs’ CodeHawk Platform provides automated software verification, mathematically confirming that a patch truly eliminates the vulnerability—not just that it appears to work in tests. In this instance, CodeHawk verified that Contec’s patch fully closed the vulnerability, and this result was shared with Contec and regulatory bodies.

Widespread adoption of these automated security tools could dramatically improve patient safety across the U.S. healthcare system. Healthcare providers will be able to rapidly identify and address security risks across their diverse medical equipment ecosystem. Device manufacturers can quickly evaluate reported vulnerabilities and develop targeted fixes. Security firms can comprehensively assess entire device families. Together, these capabilities enable a coordinated response to medical device security that directly enhances patient safety at a national scale.

This vulnerability discovery has already prompted coordinated action between federal agencies, device manufacturers, and healthcare providers. AMdP’s automated analysis capabilities have been validated through extensive testing on real-world medical devices, offering a new approach to securing legacy healthcare infrastructure at scale.

Organizations interested in evaluating AMdP can access its capabilities through the Binary Ninja commercial platform. For organizations interested in alternative deployment options or integration with existing security infrastructure, STR offers flexible transition paths tailored to specific use cases.
