trending Market Intelligence /marketintelligence/en/news-insights/trending/7evcM1MgPFxaO0mzF8Gitg2 content
Log in to other products

Login to Market Intelligence Platform

 /


Looking for more?

Contact Us

Request a Demo

You're one step closer to unlocking our suite of comprehensive and robust tools.

Fill out the form so we can connect you to the right person.

If your company has a current subscription with S&P Global Market Intelligence, you can register as a new user for access to the platform(s) covered by your license at Market Intelligence platform or S&P Capital IQ.

  • First Name*
  • Last Name*
  • Business Email *
  • Phone *
  • Company Name *
  • City *
  • We generated a verification code for you

  • Enter verification Code here*

* Required

In This List

Medtronic cardiac implants at risk of 'low skill level' cyberattack, DHS warns

S&P Global Market Intelligence

Cannabis: Hashing Out a Budding Industry

Segment

IFRS 9 Impairment How It Impacts Your Corporation And How We Can Help

The Market Intelligence Platform


Medtronic cardiac implants at risk of 'low skill level' cyberattack, DHS warns

Medtronic PLC's Conexus telemetry system, used to control and monitor the medical device company's implantable cardiac defibrillators, has been found to be at risk of exploitation and consequent interference by attackers within radio range, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency warned.

The vulnerable products, which include the CareLink Programmer used by doctors to monitor implanted cardiac defibrillators, could potentially be intercepted by even low skill level attackers, the agency said in a March 21 advisory, rating the risk at 9.3 out of 10.

According to the advisory, the telemetry protocol used for the 20 affected products does not implement encryption, authentication or authorization, which means an attacker could listen to transmissions using the radio frequency as well as "inject, replay, modify, and/or intercept data within the telemetry communication."

The notice advised users to report any abnormalities to their healthcare provider or Medtronic, and to use the affected home monitors, the MyCareLink Monitor, only in private environments. The agency also recommended users take defensive measures and said Medtronic has "applied additional controls for monitoring and responding to improper use," with additional mitigation strategies are underway.

Cardiac defibrillators are implanted to monitor and regulate potentially fatal heart rhythm. These defibrillators employ radio consoles to allow doctors and patients to ensure their devices are working properly, as well as support follow-up transmissions and other operational and safety notifications.

According to Medtronic's website, the Dublin-based company's products' "therapeutic benefits ... far outweigh any potential security risks."

A Medtronic spokesperson said the issue does not include Medtronic pacemakers or insertable cardiac monitors.

"Medtronic is conducting security checks to look for unauthorized or unusual activity that could be related to these issues," the spokesperson said in an emailed statement. "To date, no cyberattack, privacy breach, or patient harm has been observed or associated with these issues."

Updates addressing the security issues are planned, with the first scheduled for release later in 2019, according to the spokesperson.

"Medtronic and the FDA recommend that patients and physicians continue to use devices and technology as prescribed and intended, as this provides for the most efficient way to manage patients' devices and heart conditions," Medtronic's statement concluded.

Cyberattacks on medical devices have become of increasing concern to regulators, and the U.S. Food and Drug Administration released initiatives in October 2018 to address rising cyber-risks.