FDA Approves Cybersecurity Fix for Cardiac Devices

FDA Approves Cybersecurity Fix for Cardiac Devices

In a voluntary recall, Medtronic has issued a software update to plug cybersecurity holes in programmers — which are kinds of software that physicians use to measure a connected device's performance, batter life and settings — for the company's implantable cardiac devices, according to the U.S. Food and Drug Administration. 

The software update is meant to “address a safety risk caused by cybersecurity vulnerabilities associated with the internet connection” between the programmers, the FDA said in its safety communication. Regulators approved the update on Oct. 5 and said there are “no known reports of patient harm” stemming from the issue.

The cybersecurity vulnerabilities affected the Carelink 2090 and Carelink Encore 29901 programmers. Medtronic staffers use the technologies to update software in implanted cardiac devices. FDA officials said the programmers use a secure virtual private network but don’t verify that connection before downloading software updates.

“To address this cybersecurity vulnerability and improve patient safety,” the agency wrote, “the FDA approved Medtronic’s update to the Medtronic network that will intentionally block the currently existing programmer from accessing the Medtronic SDN (Software Distribution Network).”

Medtronic is developing additional security features to further fix the vulnerabilities, according to the FDA. Regulators noted that physicians can still use the programmers to test the cardiac implants, as these features do not require network activity. Other connected features that aren’t affected by the cybersecurity vulnerabilities will continue to function.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

  • Fresh Security Perspective from AMAG’s New Sales Director A Fresh Perspective on Security

    Fred Nelson may be new to the security industry but his sales and leadership methods are time tested, and true. Fred joined AMAG only a few months ago, but brings with him a wealth of experience in sales and life balance solutions. This year is off to a good start for AMAG with new solutions on the horizon.

Digital Edition

  • Security Today Magazine - April 2022

    April 2022


    • Similarities at Data Centers and Airports
    • Transitioning to the Cloud
    • Going High Tech
    • The Benefits of On-site Security
    • Optimizing Store Layouts

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety