State investigators are looking into potential cybersecurity risks and alleged violations of Florida’s Deceptive and Unfair Trade Practices Act (FDUTPA) with patient monitors manufactured by Contec, which was founded in South Carolina in 1988 before moving to China in 2006, and U.S. resellers like the Miami-based Epsimed who sell the monitors under its brand name.
On January 30, the U.S. Food and Drug Administration (FDA) released a safety memo regarding “cybersecurity vulnerabilities” in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors, warning that they “may put patients at risk after being connected to the internet.”
While the agency said it has not been made aware of any cybersecurity incidents related to the devices at that time, officials found that the monitors “may be remotely controlled by an unauthorized user,” capable of exfiltrating personal health data outside of the intended network.
According to Uthmeier’s office, the “backdoor” in the monitors “could allow bad actors to manipulate data shown on the devices without the patient or provider’s knowledge,” with programming that can “automatically” transmit patient information to an IP address owned by a university in China.
The attorney general said Contec and Epismed may have violated FDUTPA by:
- Contec representing that the monitors were FDA-approved, even though the monitors were not FDA-approved;
- Epsimed representing that the monitor “meets international standards such as FDA, CE and ISO,” even though the monitor did not appear to meet any of those standards due to its serious cybersecurity vulnerabilities;
- Representing that the monitor had assurance on product quality when the product did not have the quality, safety, and reliability that would be expected, and instead contained a backdoor and transmitted patient information to China;
- Epsimed representing that it was a “leading OEM manufacturer,” when in fact Epsimed was simply selling Contec’s monitor after relabeling it as Epsimed’s own brand;
- Contec and Epsimed omitting material facts about the monitor’s security vulnerabilities; and
- Contec and Epsimed engaging in unfair practices causing consumer harm, such as by selling a monitor that transmitted patient information to China.
“Medical devices that record patient data must be secure and should not send data to entities controlled by the Chinese Communist Party,” Uthmeier said in a statement. “Protecting Americans’ sensitive, personal data from our enemies is paramount, and my office will get to the bottom of this deception.”
Michael Lucci, founder and CEO of anti-CCP policy firm State Armor, gave Uthmeier “major credit” for pursuing this investigation and denounced the Chinese government for showing “zero regard for American rule-of-law.”
“Their companies operate under legal requirements that are incompatible with our own. They are lacing their hardware products and software applications with undisclosed backdoors that allow for information extraction and sabotage against our critical assets,” he told Breitbart News. “From TikTok, to Temu, to Contec and Epsimed, the CCP will stop at nothing to steal every bit of Americans’ personal data for malicious purposes.”
If companies like Contec and Epsimed are found to be selling medical equipment with secret mechanisms to send patient information to the CCP, the global security expert said “they must be dealt with by the full force of the law.”
“It’s bad enough when a Chinese company creates security risks for Americans. No American company should help them do it,” he added.
Olivia Rondeau is a politics reporter for Breitbart News based in Washington, DC. Find her on X/Twitter and Instagram.
Breitbart News
Read the full article .
