FDA issues safety alert for Medtronic defibrillators due to cybersecurity vulnerabilities

The FDA issued a safety communication alert on March 21 warning healthcare providers and individuals with Medtronic cardiac defibrillators of cybersecurity vulnerabilities in the devices' wireless technology.

The alert was issued after the FDA reviewed information concerning possible cybersecurity vulnerabilities associated with the Conexus wireless telemetry technology used for communication between Medtronic's implantable cardiac devices, clinic programmers and home monitors.

The wireless technology does not use encryption, authentication or authorization, which leave Medtronic's cardiac implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators vulnerable to being hacked. If an unauthorized individual gained access, he or she could potentially manipulate an implantable device, home monitor or clinic programmer.

Medtronic is working to add security updates to address the cybersecurity vulnerabilities, according to the FDA. In the interim, the FDA recommends providers maintain control of the devices' programmers and keep IT networks well-managed. The agency also does not recommend replacing the devices, and said it is unaware of any reports of patient harm related to the cybersecurity vulnerabilities.

To access the full report, click here.

More articles on cybersecurity:
277,000 patients affected in Zoll data breach
Medical device developers turn to FDA for cybersecurity guidance
CEOs see pay raises after cyberattacks, study finds

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.