The Department of Homeland Security this week released a report warning of cybersecurity vulnerabilities in Medtronic‘s (NYSE:MDT) N’Vision clinician programmer designed for use with neurostimulation devices that could allow outside agents to access personal health data.
The DHS said that the vulnerability was originally reported by Whitescope LLC, and requires an individual gain physical access to N’Vision’s 8870 Compact Flash Therapy Application card.
Once access is achieved, extracting personal health information or personal identifying information requires a low skill level, according to the DHS report.
The vulnerability was given a medium-severity classification by the agency, which said that Medtronic has not yet developed an update to address the issue. The DHS said that Medtronic was taking steps to reinforce security reminders and help reduce the risk of the vulnerability.
Medtronic recommended that operators of such devices take extra steps to maintain the security of them, including strict physical control of the Compact Flash card, only using legitimately maintained 8870 cards and returning the cards when they are no longer in use.
Last month, FDA Commissioner Scott Gottlieb released a statement laying out the federal watchdog’s plans for improving medical device regulation, including plans to improve cybersecurity and monitor the total product life cycles of devices.