Medtronic Disables CareLink Pacemaker Software Updates Due To Risk Of Cyber Attack

The manufacturer of more than 34,000 implantable pacemakers has disabled internet access for updating and programming the devices, after discovering that they may be vulnerable to hacking or cyber attacks. 

Medtronic issued an Urgent Medical Device Correction to physicians this week, indicating that new cyber-security vulnerabilities have led the manufacturer to disable internet access for the devices.

To date, no reports of successful hacks or disturbances to an implantable pacemaker have been reported, but remote control for the implantable pacemakers may pose serious and life-threatening health risks for patients.

Did You Know?

Change Healthcare Data Breach Impacts Millions of Customers

A massive Change Healthcare data breach exposed the names, social security numbers, medical and personal information of potentially 100 million Americans, which have now been released on the dark web. Lawsuits are being pursued to obtain financial compensation.

Learn More

The action comes after Medtronic discovered the CareLink devices could be susceptible to hacking, which could potentially allow someone to gain control over the device and change electronic pulse functions or give false readings.

The correction notice affects all serial numbers of the CareLink 2090 Programmer and the CareLink Encore 29901 Programmer, impacting approximately 34,000 devices.

The U.S. Food and Drug Administration (FDA) was notified of Medtronic’s action and states the agency reviewed the safety notice describing the vulnerabilities and approved of the decision to disable internet updates.

Physicians with patients using the implanted devices are being told to continue using the CareLink programs, but are being advised not attempt to update the software over the internet. According to Medtronic, no action is necessary on the part of the patients, and the company is working on mitigating the vulnerabilities.

Cybersecurity threats in the medical field have been a growing concern over the last few years, as vulnerabilities to healthcare organizations’ record systems and medical devices have surfaced.

Since 2014, the U.S. Department of Homeland Security (DHS) has been actively investigating at least two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment. According to DHS, if preventative actions to strengthen the medical field’s cybersecurity issues are not taken, hackers could exploit these vulnerabilities and put patients in serious risk.

According to an announcement by FDA Commissioner Scott Gottlieb earlier this month, the agency has collaborated efforts with MITRE Corporation to develop a medical device cybersecurity playbook designed to prepare healthcare delivery organizations for malicious attacks that could allow control over medical devices used to treat patients.

Previous medical device hacking demonstrations have dated back to 2012, when researchers at a RSA security conference in San Francisco in 2012, were able to hack medical devices such as insulin pumps from up to 300 feet away. The demonstration further showed how hackers could remotely take control of the insulin devices, allowing them to deliver lethal doses of insulin to patients without any notification.

0 Comments

Share Your Comments

I authorize the above comments be posted on this page*

Want your comments reviewed by a lawyer?

To have an attorney review your comments and contact you about a potential case, provide your contact information below. This will not be published.

NOTE: Providing information for review by an attorney does not form an attorney-client relationship.

This field is for validation purposes and should be left unchanged.

More Top Stories

Depo-Provera Lawsuit MDL Application Will Be Considered by JPML at Hearing on Jan. 30, 2025
Depo-Provera Lawsuit MDL Application Will Be Considered by JPML at Hearing on Jan. 30, 2025 (Posted yesterday)

With a growing number of women pursuing Depo-Provera brain tumor lawsuits throughout the federal court system, the U.S. JPML will decide whether to consolidate and centralize the claims before one judge for coordinated discovery and pretrial proceedings.

AngioDynamics Port Catheter Lawyers Seek Leadership Roles in MDL
AngioDynamics Port Catheter Lawyers Seek Leadership Roles in MDL (Posted 2 days ago)

A proposal has been submitted for a group of 12 lawyers involved in AngioDynamics port catheter lawsuits to serve in various leadership positions in the litigation, which involves dozens of claims that the implants were defectively designed, leading to fractures, migration and infections.