You are here

Some Implantable Cardiac Devices Have Cybersecurity Flaw

Device Use Should Continue–Remote Monitoring Benefits Outweigh Cyberattack Risks

Medtronic has disclosed a potential cybersecurity risk in several of its implantable cardiac devices, including defibrillators and resynchronization therapy hardware.

The security flaw was found in the Conexus radio frequency wireless telemetry protocol, which transmits unencrypted data to program the devices or gather information from the implants.

According to Medtronic, the vulnerabilities could enable unauthorized users to access or change the settings on implantable devices, at-home monitors, or programmers in the clinic. The company stated there have been no reports of a related cyberattack, privacy breach, or harm to patients.

The affected devices include models such as the Amplia, Claria, Compia, Concerto, Consulta, and Viva CRT-D devices; Evera, Maximo II, Mirro, Nayamed ND, Primo, Protecta, Secura, Virtuoso, and Visia implantable defibrillators; and some CareLink monitors and programmers. Medtronic’s pacemakers do not use Conexus telemetry.

Medtronic, and the FDA, recommended that devices continue to be used, saying that the benefits of remote monitoring–which include earlier detection of arrhythmias, fewer hospital visits, and improved survival rates–outweigh the risks of cyberattack. To exploit the vulnerabilities, attackers would need specialized knowledge of medical devices, wireless telemetry, and electrophysiology. In addition, device activation times are limited outside the hospital/clinic, vary by patient, and would be hard to predict by an unauthorized user.

The FDA said that reprogramming or updating the devices is not required at present.

Source: FierceBiotech, March 26, 2019; Medtronic, March 21, 2019

Recent Headlines

Study of posted prices finds wild variations and missing data
Potential contamination could lead to supply chain disruptions
Despite older, sicker patients, mortality rate fell by a third in 10 years
Study finds fewer than half of trials followed the law
WHO to meet tomorrow to decide on international public heath emergency declaration
Declining lung cancer mortality helped fuel the progress
Kinase inhibitor targets tumors with a PDGFRA exon 18 mutation
Delayed surgery reduces benefits; premature surgery raises risks
Mortality nearly doubled when patients stopped using their drugs