Medtronic releases patches to fix flaws in cardiac connected devices

Medtronic has made updates to its CareLink 2090 Programmer and CareLink Encore 299901 Programmer to fix vulnerabilities that if exploited could allow external parties to download malicious software on the connected devices, the company announced Jan. 30.

In October 2018, Medtronic issued a statement warning consumers about updating their CareLink devices via the software distribution network. The company disabled the SDN for programmer updates, leaving hospitals to rely on the UBS update method.

Medtronic discovered that the vulnerabilities found the SDN download process could allow cybercriminals to update the devise with non-Medtronic software. Since 2018, Medtronic said that there have been zero reports of cyberattacks, data breaches or patient harm associated with the vulnerabilities.

The CareLink 2090 programmer is a portable computer system used to program and manage cardiac devices in hospitals. The CareLink Encore programmer allows clinicians to send data on patients' heart rate automatically to a connected system.

More articles on cybersecurity:
Texas provider alerts 6,500 patients of phishing attack
Connecticut payer alerts 1,100 members of phishing attack
10 tips for hospitals to mitigate ransomware attacks

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers