Report: New hack could put malware directly on Medtronic pacers, allow full control

Vulnerabilities within with Medtronic‘s (NYSE:MDT) pacemakers, its Carelink 2090 pacemaker programmer and associated infrastructure could allow an outside agent to plant malware on the pacers that would allow them to control all shocks delivered by the device, according to a new Wired report. The vulnerabilities were discovered by security firm Whitescope’s Billy Rios and QED Secure Solutions’ Jonathan Butts, according to the report. Both researchers claim to have been in discussions with Medtronic about the issues, which have also caught the attention of the FDA and the Dept. of Homeland Security. Rios and Butts said that a chain of vulnerabilities in Medtronic’s infrastructure could allow full control of implanted pacers. The team found the vulnerabilities by assessing Medtronic’s software delivery platform which is designed to deliver updates to the company’s existing devices, according to Wired. The pair built their own proof-of-concept network after examining the Fridley, Minn.-based medtech giant’s proprietary cloud infrastructure to test for issues without illegally accessing the actual network, according to the report. Medtronic took 10 months to analyze the submission, after which the company reportedly opted to not act on it, Wired reports. “Medtronic has assessed the vulnerabilities per our internal process. These findings revealed no new potential safety risks based on the existing product security risk assessment. The risks are controlled,...
Source: Mass Device - Category: Medical Devices Authors: Tags: Business/Financial News Cardiac Assist Devices Cardiac Implants Cardiovascular Software / IT Cybersecurity Medtronic Source Type: news