FDA urges patients to ditch vulnerable insulin pumps built by Medtronic

A vulnerability in an insulin pump made by medical device vendor Medtronic could allow a hacker to change the pump’s settings and control the delivery of the hormone, the Food and Drug Administration warned Thursday. After security researchers demonstrated how an attacker could abuse a radio frequency protocol, which the pump uses to communicate with other devices, to inject and intercept data, the FDA told patients to switch to pump models with better cybersecurity protections. The advisory is the latest example of a health care company struggling to secure medical technology, which often is expensive and difficult to replace. Norman “Ned” Sharpless, acting head of the FDA, said the agency wasn’t aware of any patient harm stemming from the software vulnerability. While we are not aware of any patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant. — […]

The post FDA urges patients to ditch vulnerable insulin pumps built by Medtronic appeared first on CyberScoop.


Implanted Medical Devices Can Be Hacked Wirelessly, Warns U.S. Gov’t

Implantable cardioverter defibrillators (ICDs) made by Medtronic are insecure, says the Dept. of Homeland Security. Exploitation is trivial; possible outcomes include the death of the patient. And Medtronic knew about the problem for over a year.
The …

Security flaw in Medtronic heart defibrillators is serious, DHS says, but don’t panic

The Department of Homeland Security has issued an advisory warning that a vulnerability in Medtronic heart defibrillators could allow hackers to change the settings in a medical device from within radio range. The flaw, designated CVE-2019-6538, has been assigned a 9.3 severity out of a possible 10, according to the Cybersecurity and Infrastructure Security Agency advisory issued Thursday. The Food and Drug Administration in its own safety communication said it has “confirmed that these vulnerabilities, if exploited, could allow an unauthorized individual (for example, someone other than the patient’s physician) to access and potentially manipulate an implantable home device, home monitor, or clinic programmer.” The issue involves Conexus, Medtronic’s radio-frequency protocol that’s used for communication between medical technology such as defibrillators, home monitoring devices and other clinician programming tools. Conexus connections fail to implement any kind of authentication or authorization, according to DHS. That means that, in situations where a product’s radio […]

The post Security flaw in Medtronic heart defibrillators is serious, DHS says, but don’t panic appeared first on CyberScoop.


Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers

The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors.

FDA warns users of cyber vulnerabilities in pacemaker programmers

The Food and Drug Administration has issued a cybersecurity advisory for two pieces of hardware that link to cardiac devices like pacemakers and defibrillators, citing a vulnerability that could allow unauthorized access to the programmers. The FDA said it confirmed that when the two models of programmers, which are made by Minneapolis-based Medtronic, have an internet connection, unauthorized users could exploit the vendor’s network to change the programmers’ functionality. “While we are not aware of patients who may have been harmed by this particular cyber vulnerability, the risk to patient harm of leaving such a vulnerability unaddressed is too great,” Suzanne Schwartz, a top cybersecurity official at the FDA, said Thursday in a statement. In response to the security and safety concerns, Medtronic said it disabled the internet-connected software updates for the programmers and that, as of Thursday, a company representative would manually and securely update all of the affected programmers. The […]

The post FDA warns users of cyber vulnerabilities in pacemaker programmers appeared first on Cyberscoop.


Pacemaker controllers still vulnerable 18 months after flaws reported

A popular brand of heart pacemaker is still vulnerable to compromise more than a year and a half after the company that makes them was told of weaknesses in its security, researchers have claimed.

Black Hat 2018: With Healthcare Security Flaws, Safety’s Increasingly at Stake

Vulnerabilities in healthcare devices and hospital systems are leading to growing concerns in the infosec community about patient safety.