The ZOLL ePCR iOS mobile application contains a WebView-based input‑sanitization flaw (tracked as CVE‑2025‑12699) that can be triggered by attacker‑controlled strings in patient care report (PCR) fields, allowing injected HTML/JavaScript to read local application files that may contain device...
The newly disclosed vulnerability in NIHON KOHDEN’s Central Monitor CNS-6201 (CVE-2025-59668) is a straightforward but dangerous example of how a simple memory-handling bug in an end‑of‑life medical device can translate into an operational safety problem for hospitals and clinical networks. A...
Microsoft’s warning that “the Windows are wide open for bad actors” is not hyperbole—October 14, 2025 is a hard deadline for Windows 10 support, and the downstream effects for healthcare providers, regulated institutions, and any organization running large fleets of legacy applications are...
cyber insurance
ea renewal cycles
ehr security
enterprise licensing
esu program
extended security updates
healthcare security
hhs cybersecurity
hipaa compliance
insurance underwriting
legacy applications
medicaldevicesecurity
network segmentation
ocr
patch management
tpm 2.0
vbs hvci
windows 10 end of life
windows 365 cloud pc
windows security
FUJIFILM Healthcare Americas’ Synapse Mobility contains a web-parameter privilege-escalation flaw—tracked as CVE-2025-54551—that can be exploited remotely to bypass role-based access controls and expose protected imaging data, and CISA’s emergency medical advisory urges immediate upgrades to...
The landscape of industrial cybersecurity continues to evolve at a rapid pace, with threat actors targeting not only traditional IT environments but also the critical infrastructure underlying modern society. On July 24, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released...
MyCareLink Patient Monitor, manufactured by Medtronic, has been a central element in remote cardiac patient management, trusted by both physicians and millions of patients across the world. It enables transmission of data from cardiac implants—such as pacemakers or defibrillators—to healthcare...
The landscape of healthcare technology security is facing renewed scrutiny in the wake of a critical vulnerability disclosure involving Panoramic Corporation’s Digital Imaging Software. This software is a widely used solution, particularly in dental and medical practices across North America...
On June 10, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released four new advisories addressing significant vulnerabilities found in a variety of Industrial Control Systems (ICS) and related medical and fleet management platforms. These advisories echo the growing...
MicroDicom DICOM Viewer, a widely recognized medical imaging software, has become the focus of significant cybersecurity scrutiny following the public disclosure of a critical vulnerability. According to a disclosure by the Cybersecurity and Infrastructure Security Agency (CISA), versions of the...
When vulnerabilities emerge in widely used medical imaging software, the ripple effects can move far beyond specialized IT circles—especially when those vulnerabilities intersect with healthcare’s reliance on timely, accurate diagnostics. The recent discovery of a significant out-of-bounds read...
The morning after the United States Cybersecurity and Infrastructure Security Agency (CISA) releases a fresh batch of five Industrial Control Systems (ICS) advisories, security teams across multiple industries find themselves poring over technical documentation, re-evaluating their patch...
In the rapidly evolving arena of medical imaging technology, security remains a critical concern, especially as healthcare systems become ever more connected and data-driven. Pixmeo’s OsiriX MD, a widely adopted medical image viewer catering to both clinical and research environments, was...
Industrial control systems (ICS) stand at the heart of critical infrastructure worldwide, silently powering sectors such as energy, water, transportation, and manufacturing. In an era of proliferating cyber threats, the need for timely intelligence and robust defenses has never been more acute...
When exploring the latest security advisory for the MicroDicom DICOM Viewer, it is evident that even widely trusted imaging software within healthcare can harbor significant vulnerabilities, threatening both patient safety and the integrity of medical systems worldwide. In the midst of...
The latest cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency (CISA) has put a glaring spotlight on a string of critical vulnerabilities discovered in INFINITT Healthcare’s Picture Archiving and Communication System (PACS)—a backbone technology underpinning modern...
cisa
critical infrastructure
cyber defense
cyber threats
cybersecurity
data security
health data security
health it security
healthcare compliance
healthcare it
healthcare security
medicaldevicesecurity
medical imaging security
network security
pacs vulnerabilities
ransomware
remote exploits
system patch
vulnerability management
windows security
When news breaks about a vulnerability in a widely-used healthcare IT product, few industries remain untouched by the ripple effects. For Sante DICOM Viewer Pro, a popular medical imaging program, the recent disclosure of an out-of-bounds write flaw—catalogued as CVE-2025-2480 and assigned a...
In the fast-evolving field of digital healthcare, the imperative to secure medical software and devices has reached a critical level. That urgency is thrown into sharp relief with the recent CISA advisory spotlighting multiple severe vulnerabilities in INFINITT Healthcare’s widely used Picture...
Healthcare IT is once again thrust into the cybersecurity spotlight, this time with a newly disclosed advisory about a critical vulnerability in Santesoft’s Sante DICOM Viewer Pro. This flaw—officially tracked as CVE-2025-2480—carries a severity that cannot be understated, especially given its...
Executive Summary
In a new advisory that’s set to raise chaos across healthcare IT, severe vulnerabilities in the Contec Health CMS8000 Patient Monitor—a medical device widely deployed across global healthcare systems—have been brought to light. These issues, rated as highly critical (CVSS v4...