The Cybersecurity and Infrastructure Security Agency warned of vulnerabilities within Medtronic's MyCareLink Smart device, which monitors pacemaker activity and sends information to clinicians.
Four details:
1. The vulnerabilities were detected in the MyCareLink Smart Model 25000 Patient Reader and take a low level of skill to exploit.
2. A hacker could exploit the vulnerabilities and modify or fabricate data from implanted cardiac devices uploaded to the CareLink network. Hackers could also use the volunerability to remotely execute code on the MCL Smart Patient Reader Device to control the connected pacemaker.
3. Medtronic developed a firmware update to eliminate the vulnerabilities. Users can update the MyCareLink Smart app on their mobile devices to activate the firmware. The updates are only applied through iOS 10 and above or Android 6 and above.
4. Medtronic implemented enhanced integrity validation technology for early detection of attempts to exploit the vulnerabilities. The company also installed advanced detection system technology for device-level monitoring.