http://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/
By Joe Carlson
Star Tribune
March 21, 2019
As many as 750,000 heart devices made by Medtronic PLC contain a serious
cybersecurity vulnerability that could let an attacker with sophisticated
insider knowledge harm a patient by altering programming on an implanted
defibrillator, company and federal officials said Thursday.
The Homeland Security Department, which oversees security in critical U.S.
infrastructure including medical devices, issued an alert Thursday describing
two types of computer-hacking vulnerabilities in 16 different models of
Medtronic implantable defibrillators sold around the world, including some
still on the market today. The vulnerability also affects bedside monitors that
read data from the devices in patients’ homes and in-office programming
computers used by doctors.
Medtronic recommends that patients use only bedside monitors obtained from a
doctor or from Medtronic directly, to keep them plugged in so they can receive
software updates, and that patients maintain “good physical control” over the
monitor.
Implantable defibrillators are complex, battery-run computers implanted in
patients’ upper chests to monitor the heart and send electric pulses or
high-voltage shocks to prevent sudden cardiac death and treat abnormal heart
beats. The vulnerabilities announced Thursday do not affect Medtronic
pacemakers.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
