Medtronic (NYSE:MDT) has disabled internet updates for approximately 34,000 CareLink devices designed for accessing and programming implanted pacemakers due to cybersecurity vulnerabilities with the systems, according to a Reuters report.
The vulnerability, revealed this summer by cybersecurity firm researchers, could allow an outside agent to plant malware on the pacers that would allow them to control or disable the delivery of life-saving shocks to the heart.
The Fridley, Minn.-based company said that it knows of no cases in which hackers have exploited the vulnerability in real world environments, according to the report.
Medtronic sent letters to physicians this week to notify them of the vulnerability, labeling the communications as an “urgent medical device corrections,” according to Reuters.
A total of 34,000 CareLink 2090 and CareLink Encore 29901 programmers are affected by the vulnerability, which Medtronic said it will “further address” with security updates which will be “implemented pending regulatory agency approvals,” according to the report.
The programming device can still be updated through a direct USB connection, according to Reuters.
In August, the US Dept. of Homeland Security’s Industrial Control Systems Computer Emergency Response Team flagged two Medtronic devices for cybersecurity vulnerabilities that could allow attackers to obtain sensitive information.
DeviceTalks West is just a few days away. Join more than 300 of your peers for a day of world-class education, networking, and a technology exhibition featuring the leading companies in the industry.
Don’t miss out on this premier opportunity to come together and share perspectives with the best of the best in the industry.
Use code LASTCHANCE to save an additional 20%.