Medtronic Faces Cybersecurity Risk for Clinical Programmer

The Department of Homeland Security (DHS) is warning that there are cybersecurity vulnerabilities in Medtronic’s N’Vision clinical programmer. The Dublin-based company’s Programmer is a small, portable device that offers a single programming platform for Medtronic Neurological implantable therapy offerings. The company pointed out it is not an implantable device. The N’Vision Clinical Programmer has the potential to store Personal Health Information or Personal Identifying Information. In its report, DHS said the successful exploitation of the vulnerability could “allow an attacker with physical access to an 8870 N’Vision Compact Flash” card to access this personal information. Medtronic said it has assessed this vulnerability per its internal process. A spokesperson for the company told MD+DI that, “these findings revealed a low safety risk because physical access to a physician programmer is needed to exploit the vulnerability; this does not pose a risk for changing the function or performance of an implanted device; these devices are not commercially sold, and these devices are intended for only healthcare practitioners.” Medtronic said any commercial sales to third parties are strictly prohibited, and it has published an advisory about this vulnerability, detailing steps to mitigate any risk of inappropriate data exposure. Network-connected medical devices promise an entirely new level of value for patients and doctors, but they also introduce new cybers...
Source: MDDI - Category: Medical Devices Authors: Tags: Business Regulatory and Compliance Source Type: news