The Internet of Medical Things (IoMT) has transformed patient care by delivering real-time data and improving clinical outcomes. However, as Fortified Health Security predicted in its 2025 Horizon Report, interconnected medical devices create new cybersecurity risks. The recent FDA and CISA alerts about vulnerabilities in Contec patient monitors highlight the urgent need for proactive IoMT security measures to protect patients and healthcare institutions.

An IoMT Security Wake-Up Call

On January 30, 2025, the FDA and CISA issued warnings about cybersecurity vulnerabilities in Contec patient monitors, specifically the CMS8000 model. These devices contain a hardcoded credential ‘backdoor,’ which allows unauthorized access to patient data and even device manipulation. If exploited, such vulnerabilities could compromise patient safety, disrupt hospital operations, and lead to regulatory repercussions for healthcare organizations.

According to the FDA, these are the three cybersecurity vulnerabilities:

  1. An unauthorized user could remotely control the patient monitor.
  2. The software has a backdoor, potentially compromising the device or its connected network.
  3. When connected to the internet, the patient monitor collects patient data, including PII and PHI, and sends it outside the healthcare environment.

This incident reinforces a growing trend: cybercriminals increasingly target IoMT devices with weak security configurations, unpatched software, and limited network visibility. Because patient monitors track vital signs and alert providers to life-threatening conditions, any disruption or tampering could cause serious harm.

Why IoMT Security Must Be a Top Priority

The Contec incident serves as another example of why healthcare organizations must take a proactive approach to IoMT security. Cybercriminals are increasingly exploiting vulnerabilities in connected medical devices, with attacks ranging from ransomware to data breaches. As hospitals and health systems continue their digital transformation, they must recognize that IoMT security is not just an IT concern; it’s a patient safety imperative.

“This is a big issue,” says Russell Teague, Fortified Health Security CISO. “Medical device manufacturers are being held to higher security standards, but hospitals still rely on legacy equipment. Replacing it isn’t always feasible, so we need strategies like network segmentation and compensating controls to secure these older devices.”

Next Steps for Healthcare Leaders

Healthcare executives, IT leaders, and security professionals must take immediate action to address IoMT security. The Contec CMS8000 issue is a reminder that cybersecurity risks in medical devices are real and must be actively managed. Organizations that wait for the next exploit risk not only financial losses but also reputational damage and patient harm.

Fortified Health Security partners with healthcare organizations to strengthen IoMT defenses and create a resilient cybersecurity framework. With regulatory pressures mounting and cyber threats evolving, now is the time to invest in a robust security strategy that protects both patients and the healthcare ecosystem.

Is your organization prepared for the next IoMT cybersecurity threat? Contact Fortified Health Security today to learn how we can help safeguard your medical devices and critical systems.