In October 2018, Medtronic issued a statement warning consumers about updating their CareLink devices via the software distribution network. The company disabled the SDN for programmer updates, leaving hospitals to rely on the UBS update method.
Medtronic discovered that the vulnerabilities found the SDN download process could allow cybercriminals to update the devise with non-Medtronic software. Since 2018, Medtronic said that there have been zero reports of cyberattacks, data breaches or patient harm associated with the vulnerabilities.
The CareLink 2090 programmer is a portable computer system used to program and manage cardiac devices in hospitals. The CareLink Encore programmer allows clinicians to send data on patients’ heart rate automatically to a connected system.
More articles on cybersecurity:
Texas provider alerts 6,500 patients of phishing attack
Connecticut payer alerts 1,100 members of phishing attack
10 tips for hospitals to mitigate ransomware attacks