Medtronic (NYSE:MDT) has disabled internet updates for approximately 34,000 CareLink devices designed for accessing and programming implanted pacemakers due to cybersecurity vulnerabilities with the systems, according to a Reuters report.
The vulnerability, revealed this summer by cybersecurity firm researchers, could allow an outside agent to plant malware on the pacers that would allow them to control or disable the delivery of life-saving shocks to the heart.
The Fridley, Minn.-based company said that it knows of no cases in which hackers have exploited the vulnerability in real world environments, according to the report.
Medtronic sent letters to physicians this week to notify them of the vulnerability, labeling the communications as an “urgent medical device corrections,” according to Reuters.
A total of 34,000 CareLink 2090 and CareLink Encore 29901 programmers are affected by the vulnerability, which Medtronic said it will “further address” with security updates which will be “implemented pending regulatory agency approvals,” according to the report.
The programming device can still be updated through a direct USB connection, according to Reuters.
In August, the US Dept. of Homeland Security’s Industrial Control Systems Computer Emergency Response Team flagged two Medtronic devices for cybersecurity vulnerabilities that could allow attackers to obtain sensitive information.