Medtronic Disables Pacemaker Software Updates Over Security Concerns

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
Following an independent investigation by security experts, and an FDA review, Medtronic disabled software updates for the Medtronic CareLink and CareLink Encore Programmer models 2090 and 29901, which are used in pacemakers, implantable defibrillators, cardiac resynchronization devices, and insertable cardiac monitors. The vulnerability would theoretically allow an attacker to update a medical device with non-Medtronic code, which is obviously a serious concern in a pacemaker. Fortunately, the company claims it hasn't received any reports of attacks or compromised patients. Users will have to manually update their medical devices via USB, and the company claims that its working on getting the online update system back up and running.

The FDA has reviewed information about potential cybersecurity vulnerabilities associated with the internet connection of Medtronic's programmers, and has confirmed that these vulnerabilities could allow an unauthorized user (that is,someone other than the patient's physician) to change the programmer's functionality or the implanted device during the device implantation procedure or during follow-up visits. Specifically, this cybersecurity vulnerability is associated with using an internet connection to update software between the CareLink and CareLink Encore programmers and the SDN. Software updates normally include new software for the programmer's functionality as well as updates to implanted device firmware. Although the programmer uses a virtual private network (VPN) to establish an internet connection with the Medtronic SDN, the vulnerability identified with this connection is that the programmers do not verify that they are still connected to the VPN prior to downloading updates. To address this cybersecurity vulnerability and improve patient safety, on October 5, 2018, the FDA approved Medtronic's update to the Medtronic network that will intentionally block the currently existing programmer from accessing the Medtronic SDN.
 

drescherjm

[H]F Junkie
Joined
Nov 19, 2008
Messages
14,925
Users will have to manually update their medical devices via USB

For a pacemaker??

Edit: I see what they are talking about. This is a device that monitors the pacemaker or other medical device.
 

Jim Kim

2[H]4U
Joined
May 24, 2012
Messages
3,823
I update mine by microwaving foil at the convenience store.;)
A friends father had been feeling weak for weeks so he went to the doc. It was determined that his pacemaker had gone into "safe mode" and was not "cranking it up" under load.
The cause was determined to be a near miss lightning strike the man had experienced and it had ganked his pacemaker, requiring it to be reset.
 

Monkey34

Supreme [H]ardness
Joined
Apr 11, 2003
Messages
5,132
A friends father had been feeling weak for weeks so he went to the doc. It was determined that his pacemaker had gone into "safe mode" and was not "cranking it up" under load.
The cause was determined to be a near miss lightning strike the man had experienced and it had ganked his pacemaker, requiring it to be reset.

ITCrow.jpg


Reboot him....LOL.
 
Top