Medtronic Issues Fix to Address Cybersecurity Vulnerabilities

Medtronic has issued a software update to address a safety risk caused by cybersecurity vulnerabilities associated with the Internet connection that two models of CareLink programmers use to download software from the company's software distribution network (SDN). The situation prompted FDA to issue a safety communication to alert patients, caregivers, and physicians. FDA said the cybersecurity vulnerabilities could allow an unauthorized user to change the programmer's functionality or the implanted device during the device implantation procedure or during follow-up visits. The vulnerability impacts the CareLink and CareLink Encore programmers.

Software updates normally include new software for the programmer's functionality as well as updates to implanted device firmware. Although the programmer uses a virtual private network (VPN) to establish an Internet connection with the Medtronic SDN, the vulnerability identified with this connection is that the programmers do not verify that they are still connected to the VPN prior to downloading updates, the agency explained.

FDA said that on Oct. 5, 2018, it approved Medtronic's software update to the Medtronic network that will intentionally block the currently existing programmer from accessing the Medtronic SDN. The agency said there are no known reports of patient harm related to this issue. The company is working to create and implement additional security updates to further address these vulnerabilities, the ag...
Source: MDDI | Category: Medical Devices | Tags: Software | Source Type: news