|
 Medtronic
disables pacemaker programmer updates over hack concern
Send a link to a friend
[October 12, 2018]
By Jim Finkle
NEW YORK (Reuters) - Medical device maker
Medtronic Plc has disabled internet updates for some 34,000 CareLink
programming devices that healthcare providers around the world use to
access implanted pacemakers, saying the system was vulnerable to cyber
attacks.
|
|
 The company said it knows of no cases where the vulnerability had
been exploited by hackers in a letter sent to physicians this week,
which was labeled "urgent medical device correction."
The vulnerability "could result in harm to a patient depending on
the extent and intent of a malicious cyberattack and the patient’s
underlying condition," according to the letter, which was seen by
Reuters on Thursday.
Medical device makers have bolstered efforts to identify and
mitigate security vulnerabilities in their products in recent years
in response to a flurry of warnings from security researchers, who
have identified bugs in devices like the Medtronic implant
programmers.
There have been no documented reports of attacks on medical devices,
though researchers warn the industry is far behind the computer
industry in protecting devices from hackers.
Medtronic in August issued a security bulletin on the issue with its
CareLink programmers after researchers discussed the vulnerability
at the Black Hat hacking conference in Las Vegas. Medical device
security experts said they had uncovered a bug that could enable
hackers to update malicious software onto the programmers, then
attack implanted pacemakers.
Pacemakers and implantable defibrillators are small devices placed
in the chest that use electronic pulses to control abnormal heart
rhythms in patients with arrhythmias.
[to top of second column] |
Medtronic kept the network updates running until recently, saying it
had increased security controls and boosted monitoring for potential
malicious activity.
The vulnerability affects the internet-based platform for updating
some 34,000 CareLink 2090 and CareLink Encore 29901 programmers that
healthcare providers around the globe use to program implanted
pacemakers, according to Medtronic.
The company said in the letter that it was is working to develop
security updates "that will further address these vulnerabilities
and will be implemented pending regulatory agency approvals."
In the meantime, the programmers can still be manually updated using
a USB connection, the letter said.
(Reporting by Jim Finkle in New York; Editing by Bill Berkrot)
[© 2018 Thomson Reuters. All rights
reserved.] Copyright 2018 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
 |
