Report: ICS-CERT tags 2 Medtronic devices with cybersecurity vulnerabilities

The US Dept. of Homeland Security’s Industrial Control Systems Computer Emergency Response Team this week flagged two Medtronic (NYSE:MDT) devices for cybersecurity vulnerabilities that could allow attackers to obtain sensitive information, according to a HealthITSecurity report. The Fridley, Minn.-based medtech giant’s MyCareLink patient monitor and MiniMed Paradigm insulin pump and remote controller were specifically identified by the group, according to the report. ICS-Cert said that the MyCareLink patient monitor insufficiently verifies data authenticity and allows passwords to be stored in a recoverable format, according to HealthITSecurity. Such vulnerabilities could allow someone with physical access to the device to obtain product credentials used to upload data to Medtronic’s network, and would allow for the submission of false, forged data to the network. Medtronic responded to the warning, saying that the issues “do not allow modification of patient health information or existing data on the MyCareLink network.” “There are no known reports of data being impacted or targeted by the identified vulnerabilities. Medtronic is increasing the level of authentication required to upload data from the MyCareLink Patient Monitor to the Medtronic CareLink Network. In addition, increased cybersecurity monitoring has been implemented to detect and respond to any potential attempts to upload invalid data,” Medtronic wrote in its release. ICS-Cert a...
Source: Mass Device - Category: Medical Devices Authors: Tags: Business/Financial News Software / IT Medtronic Source Type: news