Guardtech Cleanrooms
Medical Device Cleanroom Design and Construction Solutions
The US Food and Drug Administration (FDA) has detected cybersecurity vulnerabilities in Medtronic’s implantable cardiac devices, clinic programmers and home monitors.
The US Food and Drug Administration (FDA) has detected cybersecurity vulnerabilities in Medtronic’s implantable cardiac devices, clinic programmers and home monitors.
The issues were found in Conexus telemetry technology, which uses wireless radio frequency (RF) channels to enable Medtronic programmers and monitoring accessories to remotely transfer data from a patient’s cardiac device to a specific healthcare clinic.
Clinicians use the technology to display and print device information in real-time and programme implanted device settings.
Transmitted data is not encrypted and does not require authentication or authorisation. This could be exploited to enable an unauthorised individual to access and alter the devices.
The FDA’s alert covers cardiac implantable cardioverter defibrillators (ICD) or cardiac resynchronisation therapy defibrillators (CRT-D) but does not include pacemakers, cardiac resynchronisation pacemakers (CRT-P), CareLink Express monitors or the CareLink Encore Programmer.
The US regulator advised healthcare providers and patients to continue using the devices while Medtronic works on new updates to mitigate the vulnerabilities.
A statement from the FDA read: “The FDA recommends that healthcare providers and patients continue to use these devices as intended and follow device labelling.
“Although the system’s overall design features help safeguard patients, Medtronic is developing updates to further mitigate these cybersecurity vulnerabilities.”
The agency added that no reports have been received regarding any harm to patients due to these cybersecurity issues.
GlobalData's TMT Themes 2021 Report tells you everything you need to know about disruptive tech themes and which companies are best placed to help you digitally transform your business.
Find out moreIn October last year, Medtronic disabled online updates for some of its CareLink and CareLink Encore programmers, as they were found to be vulnerable to cybersecurity attacks.
The programmers facilitate access to the company’s cardiac implantable electrophysiology devices (CIED), including pacemakers and defibrillators.
Medical Device Cleanroom Design and Construction Solutions
Medical-Grade Video Recorders and Medical Video Management Solutions
PI Ceramic - Piezoelectric Components for Medical Device Applications