FDA Approves Cybersecurity Fix for Cardiac Devices

FDA Approves Cybersecurity Fix for Cardiac Devices

In a voluntary recall, Medtronic has issued a software update to plug cybersecurity holes in programmers — which are kinds of software that physicians use to measure a connected device's performance, batter life and settings — for the company's implantable cardiac devices, according to the U.S. Food and Drug Administration. 

The software update is meant to “address a safety risk caused by cybersecurity vulnerabilities associated with the internet connection” between the programmers, the FDA said in its safety communication. Regulators approved the update on Oct. 5 and said there are “no known reports of patient harm” stemming from the issue.

The cybersecurity vulnerabilities affected the Carelink 2090 and Carelink Encore 29901 programmers. Medtronic staffers use the technologies to update software in implanted cardiac devices. FDA officials said the programmers use a secure virtual private network but don’t verify that connection before downloading software updates.

“To address this cybersecurity vulnerability and improve patient safety,” the agency wrote, “the FDA approved Medtronic’s update to the Medtronic network that will intentionally block the currently existing programmer from accessing the Medtronic SDN (Software Distribution Network).”

Medtronic is developing additional security features to further fix the vulnerabilities, according to the FDA. Regulators noted that physicians can still use the programmers to test the cardiac implants, as these features do not require network activity. Other connected features that aren’t affected by the cybersecurity vulnerabilities will continue to function.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • ISC West Is Two Months Away

    ISC West Is Two Months Away

    The annual “vacation” to Las Vegas is less than two months away. I anticipate it will be an amazing show, and furthermore, I expect the show hall to be teeming with interested security professionals. Read Now

    • Industry Events
  • Security Today Launches 2023 Government Security Awards

    Security Today Launches 2023 Government Security Awards

    Security Today is proud to announce the launch of the 2023 Government Security Awards. The Govies honor outstanding government security products in a variety of categories. For this year’s awards program, participants can choose from 38 different categories to enter their product(s) into. Read Now

  • Back to the Basics

    Back to the Basics

    Security is a continuous evolution of practices and procedures. The developments in technology and advancements in threats make security difficult at times. Although security from one location may look different from another location, there is a common goal applied to security measures. The common goal is protection. Read Now

  • The Top Three Security Trends in 2023

    The Top Three Security Trends in 2023

    As security technology has become more widely used, the interest in new capabilities and increased security measures has increased. As we head into 2023, these three trends will shape the security landscape. Read Now

Featured Cybersecurity

New Products

  • Pivot3 Surety

    Pivot3 Surety

    Pivot3 has announced Surety, a new intelligent software framework to simplify the management and monitoring of physical security environments. 3

  • ALTO Neoxx Electronic Padlock

    ALTO Neoxx Electronic Padlock

    Built to withstand all access control needs, the tough new SALTO Neoxx electronic padlock takes security beyond your expectations. 3

  • SAFR® from RealNetworks

    SAFR® from RealNetworks

    A unique feature in SAFR version 3.4 is its ability to automate alerts to security personnel when a spoofing attempt or a fraudulent attempt to gain access is detected. 3