Medtronic CareLink Network. Credit: Medtronic.

Medtronic has disabled online updates for its CareLink and CareLink Encore programmers, models 2090 and 29901, because they were found to be vulnerable to cybersecurity attacks.

The programmers allow healthcare providers to access the Medtronic cardiac implantable electrophysiology devices (CIEDs), which include pacemakers and defibrillators, among others.

Go deeper with GlobalData

Go deeper with GlobalData

The gold standard of business intelligence.

Find out more

Discover B2B Marketing That Performs

Combine business intelligence and editorial excellence to reach engaged professionals across 36 leading media platforms.

Find out more

Physicians can use the programmers to get device performance data, check battery status and adjust or reprogram device settings from a CIED.

“In a safety notice, the US Food and Drug Administration (FDA) said that it reviewed the vulnerabilities and found opportunities for unauthorised users to access the programmer or the implanted device.”

Software for these programmers can be downloaded and updated via an internet connection to the Medtronic Software Distribution Network (SDN) or by a Medtronic representative who uses a universal serial bus device (USB).

Medtronic revealed in a security bulletin that researchers from WhiteScope detected vulnerabilities in the CareLink 2090 and CareLink Encore 29901 programmers, and associated SDN.

The company said: “If not mitigated, these vulnerabilities could result in potential harm to a patient.” However, Medtronic noted that it did not receive any report of such an attack or patient harm, so far.

GlobalData Strategic Intelligence

US Tariffs are shifting - will you react or anticipate?

Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.

By GlobalData

In a safety notice issued by the US Food and Drug Administration (FDA), the agency said that it reviewed the vulnerabilities and found opportunities for an unauthorised user to access the programmer or the implanted device.

To address these concerns and improve cybersecurity, Medtronic has disabled access to the SDN. The medical device firm plans to send its representative to carry out manual updates, when required.

Medtronic added: “Medtronic is working on additional security updates for the impacted programmers and the SDN update process. We will implement these updates following regulatory agency approvals.”

Both the FDA and the company recommended healthcare providers to continue using the CareLink programmes but advised against updating the software over the internet.

The agency further added that patients or caregivers need not take any actions in association with this software update or cybersecurity vulnerability.

Medical Device Network Excellence Awards - Nominations Closed

Nominations are now closed for the Medical Device Network Excellence Awards. A big thanks to all the organisations that entered – your response has been outstanding, showcasing exceptional innovation, leadership, and impact

Excellence in Action
HemoSonics has won the 2025 Marketing Award for its impactful promotion of theQuantra Hemostasis System and leadership in blood management education. See how targeted campaigns, thought leadership content, and hands on clinician training are accelerating Quantra’s market traction and shaping the future of hemostasis testing.

Discover the Impact