Florida Attorney General James Uthmeier has filed a lawsuit against a Chinese medical device manufacturer and its Miami-based reseller, alleging deceptive business practices and citing cybersecurity risks.
Patient monitors made by Contec Medical System contain a hidden "backdoor" that could allow unauthorized access and manipulation of medical data, according to a Monday press release from Uthmeier's office.
Uthmeier's press release added that the devices reportedly transmit patient information to a Chinese IP address linked to a university, raising concerns over foreign surveillance and data breaches.
Those would be among the companies' violations of Florida's Deceptive and Unfair Trade Practices Act, the Attorney General's Office said.
Contec's headquarters is in the manufacturing town of Qinhuangdao with an American branch in Illinois.
"Medical devices that record patient data must be secure and should not send data to entities controlled by the Chinese Communist Party," Uthmeier said in the release.
The lawsuit claims Contec and the reseller, Epsimed, misrepresented the monitors as FDA-approved and falsely advertised compliance with international standards despite known vulnerabilities. Epsimed is also accused of falsely branding itself as an original equipment manufacturer while simply reselling Contec's products.
The monitors have been sold in the U.S. for more than a decade.
In January, the FDA issued a warning to health care providers and facilities, patients, and caregivers that cybersecurity vulnerabilities in the monitors may put patients at risk after being connected to the internet.
In that statement, the FDA said it was not aware of any cybersecurity incidents, injuries or deaths related to vulnerabilities.
The FDA defined the patient monitors as the Contec CMS8000 and Epsimed MN-120.
Once the monitor is connected to the internet, the device begins gathering data, including personally identifiable information and protected health information, the FDA saud The information is withdrawn outside of the health care environment.
These cybersecurity vulnerabilities can allow unauthorized actors to bypass cybersecurity controls, gaining access to and potentially manipulating the device, officials said.
Copyright 2025 WUSF 89.7
