The alert was issued after the FDA reviewed information concerning possible cybersecurity vulnerabilities associated with the Conexus wireless telemetry technology used for communication between Medtronic’s implantable cardiac devices, clinic programmers and home monitors.
The wireless technology does not use encryption, authentication or authorization, which leave Medtronic’s cardiac implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators vulnerable to being hacked. If an unauthorized individual gained access, he or she could potentially manipulate an implantable device, home monitor or clinic programmer.
Medtronic is working to add security updates to address the cybersecurity vulnerabilities, according to the FDA. In the interim, the FDA recommends providers maintain control of the devices’ programmers and keep IT networks well-managed. The agency also does not recommend replacing the devices, and said it is unaware of any reports of patient harm related to the cybersecurity vulnerabilities.
To access the full report, click here.
More articles on cybersecurity:
277,000 patients affected in Zoll data breach
Medical device developers turn to FDA for cybersecurity guidance
CEOs see pay raises after cyberattacks, study finds