Check Point Software: PRotecting Hospitals from IoT Threats
By: Vasily Dyagilev, Regional Director, Middle East, RCIS at Check Point Software Technologies Ltd.
In today's healthcare landscape, the integration of Internet of Medical Things (IoMT) devices has revolutionized patient care. However, this technological advancement also introduces significant cyber security risks. One such threat has been highlighted by the US Cybersecurity and Infrastructure Security Agency (CISA), which warns that Contec CMS8000 devices, widely used for patient monitoring, contain a backdoor that sends patient data to a remote IP address and could download and execute files on the device.
Technical details aside, human safety is always paramount. Addressing this type of vulnerability ensures that clinicians make care decisions on accurate data, thereby ensuring patients get proper care. As noted by CISA, '…a malfunctioning monitor could lead to improper responses to vital signs displayed by the device'.
This article explores how Check Point's IoT Protect solution can help hospitals defend against such threats, leveraging insights from the 2025 Check Point State of Cyber Security Report and addressing the broader issue of IoMT security.
The Threat: Contec CMS8000 Backdoor
The Contec CMS8000 patient monitoring devices have been found to include a backdoor that poses severe risks to patient data security and device integrity. This backdoor allows unauthorized access to patient data, sending it to a remote IP address, and enables the download and execution of files on the device. Such vulnerabilities can lead to data breaches, unauthorized data manipulation, and potential disruptions in patient care.
How Check Point IoT Protect Can Help
Check Point's IoT Protect solution offers a comprehensive approach to securing IoT devices within healthcare environments. Here's how it can specifically address the threat posed by the Contec CMS8000 backdoor:
Firmware risk assessment: IoT Protect offers Firmware Scanner that scans the device's firmware, discovering security vulnerabilities and backdoors such as suspicious domains and IP addresses listed in the program, secrets that are exposed in the device, and provide you a comprehensive analysis of potential risks from the device. Use this service to validate your supply chain before adding products to your environment.
– Autonomous device discovery and risk analysis: IoT Protect autonomously identifies and maps all IoT devices connected to the network, including patient monitoring devices like the Contec CMS8000. This visibility is crucial for detecting unauthorized devices and assessing their risk profiles.
– Zero Trust segmentation: By enforcing Zero Trust policies, IoT Protect prevents unauthorized access to and from IoT devices. This segmentation ensures that even if a device is compromised, the threat cannot spread laterally across the network.
– Real-time threat intelligence and virtual patching: IoT Protect leverages real-time threat intelligence to block known and zero-day attacks. The solution's virtual patching capabilities shield devices from known vulnerabilities without the need for physical updates, which is essential for devices like the Contec CMS8000 that may have embedded backdoors.
– IoT Protect nano agent for manufacturers: Check Point offers manufacturers to embed nano agent inside their devices, with active device-level protection against the most sophisticated cyber attacks. Nano agent helps to comply with FDA requirements for connected medical devices.
Healthcare Threat Landscape: Insights from the 2025 Check Point State of Cyber Security Report
The 2025 Check Point State of Cyber Security Report highlights the increasing cyber threats faced by the healthcare sector. In 2024, healthcare became the second most targeted industry, with a 47% increase in attacks year-over-year. The report underscores the need for robust cyber security measures to protect sensitive patient data and ensure the integrity of medical devices.
Key findings from the report include:
– Ransomware Evolution: Data exfiltration and extortion have overtaken encryption-based attacks as the primary ransomware tactics, simplifying operations and maximizing payouts.
– Supply Chain: Technology supply chain attacks have increased significantly. Hardware & semiconductors increased by 179% and software by 109%, raising the risk that IoMT devices could have vulnerabilities introduced by their supply chain.
The Broader Issue of IoMT Security
The Internet of Medical Things (IoMT) encompasses a wide range of connected medical devices that improve patient care but also introduce significant cybersecurity challenges. As highlighted in the Check Point blog, IoMT devices often lack built-in security features, making them vulnerable to cyber attacks. Ensuring the security of these devices is critical, as breaches can lead to data theft, compromised patient safety, and operational disruptions.
To address these challenges, healthcare organizations must adopt a multi-layered security approach that includes:
– Comprehensive device visibility: Continuously monitoring and mapping all connected devices to identify potential vulnerabilities.
– Zero Trust security models: Implementing strict access controls to prevent unauthorized access and lateral movement within the network.
– Proactive threat intelligence: Leveraging real-time threat intelligence to stay ahead of emerging threats and apply virtual patches as needed.
Conclusion
The integration of IoMT devices in healthcare offers numerous benefits but also introduces significant cyber security risks. The Contec CMS8000 backdoor threat exemplifies the vulnerabilities that can compromise patient data and device integrity. Check Point's IoT Protect solution provides a robust defense against such threats, ensuring the security and reliability of healthcare IoT devices. By adopting comprehensive cybersecurity measures, healthcare organizations can protect patient data, maintain operational integrity, and deliver safe, high-quality care.
For more information on how Check Point Quantum IoT Protect can secure your healthcare facility, contact Check Point for a demo today.
References
Contec CMS8000 Contains a Backdoor – CISA
IoT Security for Networks and Devices – Check Point Software
IoT Security Solutions – Check Point Software
The State of Cyber Security Report, 2025
IoT – The key to connected care excellence
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Mid East Info
20-05-2025
- Mid East Info
e& UAE unleashes region's first 5G slicing technology - Middle East Business News and Information
Solution delivers tailored, reliable 5G connectivity to meet critical industry needs Abu Dhabi,May 2025 – e& UAE has launched the region's first commercial 5G network slicing product for business customers over its cutting-edge standalone network. Revolutionising connectivity, this pioneering solution delivers tailored, ultra-reliable 5G to meet the evolving needs of industries and organisations across the public and private sectors. 5G slicing empowers e& UAE's world-class commercial 5G network by partitioning it into multiple virtual networks (slices), each powered by dedicated network resources. This innovation enables businesses in diverse industries such as manunfacturing, public safety and port facilities to optimise performance for their business critical applications. The introduction of custom slices will meet specific industry demands, ranging from low latency to robust Internet of Things (IoT) solutions for smart infrastructure. These dedicated network resources will also guarantee peak performance for critical operations. Oscar Garcia, Senior Vice President, Business Marketing and Product Innovation, e& UAE, said: 'By introducing 5G network slicing, e& UAE is delivering on its commitment to building innovative connectivity products and solutions that drive digital transformation across industries. With 5G network slicing, organisations can leverage on end-to-end reserved capacity to achieve guaranteed performance for critical operations. The solution is set to enable industry-specific use cases with the reliability and flexibility required for essential applications.' e& UAE offers businesses flexible options to suit their needs, including 5G slicing bandwidth-based packages, which provides tailored connectivity speeds to match specific use case requirements, and an industrial 5G Customer End Device (CPE), which acts as a dedicated access point, ensuring seamless integration and reliable performance for the subscribed network slice. Even though slices share the same physical network, they are isolated from each other in terms of traffic and data. This isolation ensures that the performance of a slice is not affected by the demands of other users on the shared network, ensuring secure and reliable service for businesses. As the region's first operator to launch a 5G network slicing solution with predefined bandwidths and plans, e& UAE is unlocking the full potential of reliable connectivity across the UAE. This game-changing technology bridges the gap between standard 5G services and complex private network infrastructures, offering an agile, cost-effective solution for today's digital landscape. By enabling businesses to craft multiple virtual networks tailored to specific applications and critical use cases, e& UAE ensures organisations meet their unique requirements with precision and unmatched reliability, paving the way for a smarter, more connected future. Abu Dhabi, May 2025 – e& UAE has launched the region's first commercial 5G network slicing product for business customers over its cutting-edge standalone network. Revolutionising connectivity, this pioneering solution delivers tailored, ultra-reliable 5G to meet the evolving needs of industries and organisations across the public and private sectors. 5G slicing empowers e& UAE's world-class commercial 5G network by partitioning it into multiple virtual networks (slices), each powered by dedicated network resources. This innovation enables businesses in diverse industries such as manunfacturing, public safety and port facilities to optimise performance for their business critical applications. The introduction of custom slices will meet specific industry demands, ranging from low latency to robust Internet of Things (IoT) solutions for smart infrastructure. These dedicated network resources will also guarantee peak performance for critical operations. Oscar Garcia, Senior Vice President, Business Marketing and Product Innovation, e& UAE, said: 'By introducing 5G network slicing, e& UAE is delivering on its commitment to building innovative connectivity products and solutions that drive digital transformation across industries. With 5G network slicing, organisations can leverage on end-to-end reserved capacity to achieve guaranteed performance for critical operations. The solution is set to enable industry-specific use cases with the reliability and flexibility required for essential applications.' e& UAE offers businesses flexible options to suit their needs, including 5G slicing bandwidth-based packages, which provides tailored connectivity speeds to match specific use case requirements, and an industrial 5G Customer End Device (CPE), which acts as a dedicated access point, ensuring seamless integration and reliable performance for the subscribed network slice. Even though slices share the same physical network, they are isolated from each other in terms of traffic and data. This isolation ensures that the performance of a slice is not affected by the demands of other users on the shared network, ensuring secure and reliable service for businesses. As the region's first operator to launch a 5G network slicing solution with predefined bandwidths and plans, e& UAE is unlocking the full potential of reliable connectivity across the UAE. This game-changing technology bridges the gap between standard 5G services and complex private network infrastructures, offering an agile, cost-effective solution for today's digital landscape. By enabling businesses to craft multiple virtual networks tailored to specific applications and critical use cases, e& UAE ensures organisations meet their unique requirements with precision and unmatched reliability, paving the way for a smarter, more connected future. About e& UAE: e& UAE is the flagship telecom arm of e& in the UAE, built on a 5-decades legacy of connectivity excellence. Our mission is to deliver world-class superior connectivity experiences that fuel the UAE's future-focused innovation. Leveraging the latest world-class technologies, e& UAE aims to transform lives and industries, turning every connection into an opportunity for growth and every interaction into a transformative possibility. We are focused on expanding our core services and digital marketplaces by enriching consumer value propositions that cater to new lifestyles and emerging demands beyond core telecom services, including health, insurance and gaming. As a trusted enterprise partner, e& UAE continues to power entire industries with 5G and AI, delivering a tailored ecosystem of solutions to meet their connectivity needs and more, empowering them to automate, innovate, transform, and scale. Strengthening our leadership position as an AI-powered telco, e& UAE delivers seamless connectivity, cutting-edge AI solutions, and sustainable innovation to uplift people and communities, and empower businesses and industries, so everyone thrives in a digital-first world.
CairoScene
17-05-2025
- CairoScene
Information & Communications Tech Market Surges to AED 192 Billion
Key drivers include deployment of 5G, enabling smart city projects such as Dubai's Smart City initiative, and AI integration. Apr 29, 2025 The information and communications technology (ICT) market in the UAE is forecast to expand from AED 191.68 billion in 2025 to AED 312 billion by 2030, a 10.29% compound annual growth rate, according to a Mordor Intelligence report. This growth is attributed to government-backed digital transformation strategies, including the National AI Strategy 2031, and rising demand for cloud computing, cybersecurity, and IoT solutions. Key drivers include the rapid deployment of 5G networks, enabling smart city projects such as Dubai's Smart City initiative, and AI integration across sectors like healthcare, finance, and transport. The report highlights contributions from multinational firms like Microsoft, Oracle, and IBM, alongside a surge in tech startups. AI is projected to contribute 14% to the UAE's GDP by 2030, with annual growth of 33.5% since 2018. 5G infrastructure supports advancements in autonomous vehicles, remote healthcare, and IoT applications, while cybersecurity investments align with increased digitisation. The UAE's strategic position as a regional tech hub continues to attract global enterprises and foster innovation. Market growth coincides with the UAE's aim to derive 50% of federal productivity gains from digital solutions by 2031.
Mid East Info
02-04-2025
- Mid East Info
Tech Mahindra and CrateDB Partner to Provide Agentic AI Solutions for Automotive, Manufacturing and Smart Factories
Hanover, Germany – April 2nd, 2025: Tech Mahindra (NSE: TECHM), a leading global provider of technology consulting and digital solutions to enterprises across industries, and CrateDB, a data management company, announced a strategic partnership at Hannover Messe 2025, the world's premier trade fair for industrial technology. The partnership will revolutionize the automotive, manufacturing, and smart factory sectors by delivering advanced agentic AI solutions that leverage real-time data analytics, enabling businesses to drive innovation and efficiency at scale. The partnership will combine Tech Mahindra's deep industry expertise and digital transformation capabilities with CrateDB's high-performance database technology to unlock the full value of data for industrial customers. Leveraging CrateDB's open-source, multi-model, distributed database, Tech Mahindra will provide enterprises with advanced capabilities to optimize supply chains, improve predictive maintenance models, and ensure higher quality control standards across their operation centers. Further, the solutions will analyze and integrate time-series data from industrial IoT (IIoT) sensors into a cloud-based environment, enabling businesses to utilize structured data for faster and more informed decision-making. Harshul Asnani, President and Head – Europe Business, Tech Mahindra, said, 'Agentic AI is redefining industrial operations by enabling conversational UI, autonomous decision-making, automated business process flow and real-time data representation. As enterprises navigate Industry 4.0, traditional data infrastructures struggle to keep pace. Our partnership with CrateDB delivers AI-driven insights at scale, empowering businesses to enhance efficiency, drive innovation, and maintain a competitive edge in an increasingly intelligent and data-intensive landscape.' Together, Tech Mahindra and CrateDB have leveraged a unique cloud data management architecture to develop highly scalable and sustainable solutions that will help industrial enterprises scale production globally and optimize cloud resources. By incorporating a scalable and adaptive architecture, the solution can be deployed across various manufacturing sub-verticals, providing enterprises with a unified approach to real-time analytics. Lars Färnström, CEO, CrateDB, said, 'We are excited to join forces with Tech Mahindra at Hannover Messe to showcase how our real-time analytics platform can transform industrial operations. As businesses look to scale their data-driven initiatives, our partnership ensures they have the necessary technology and expertise to navigate the evolving landscape of Industry 4.0.' As industries worldwide embrace Industry 4.0, the ability to process and act on data in real-time has become a critical differentiator. Under this partnership, both the companies will also showcase live demonstrations at Hannover Messe 2025, where attendees will witness how real-time analytics and scalable data infrastructure can enhance efficiency and optimize industrial operations. For more information about the partnership and joint solutions, visit the Tech Mahindra and CrateDB booth J41, Hall 14 at Hannover Messe 2025. About CrateDB CrateDB is a real-time analytics database designed for high scalability and performance, enabling businesses to make fast, data-driven decisions. With its ability to handle structured, semi-structured, and unstructured data, CrateDB powers mission-critical applications in industries like manufacturing, automotive, and IoT. For more information, visit Media Contact: Stephane Castellani, SVP Marketing, CrateDB: / +1 (724) 648 3474 About Tech Mahindra Tech Mahindra (NSE: TECHM) offers technology consulting and digital solutions to global enterprises across industries, enabling transformative scale at unparalleled speed. With 150,000+ professionals across 90+ countries helping 1100+ clients, Tech Mahindra provides a full spectrum of services including consulting, information technology, enterprise applications, business process services, engineering services, network services, customer experience & design, AI & analytics, and cloud & infrastructure services. It is the first Indian company in the world to have been awarded the Sustainable Markets Initiative's Terra Carta Seal, which recognizes global companies that are actively leading the charge to create a climate and nature-positive future. Tech Mahindra is part of the Mahindra Group, founded in 1945, one of the largest and most admired multinational federation of companies. For more information on how TechM can partner with you to meet your Scale at Speed™ imperatives, please visit Our Social Media Channels For more information on Tech Mahindra, please contact:
