750,000 Medtronic defibrillators vulnerable to hacking

[InfoSec News <alerts () infosecnews org>]

http://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/

By Joe Carlson
Star Tribune
March 21, 2019

As many as 750,000 heart devices made by Medtronic PLC contain a serious 
cybersecurity vulnerability that could let an attacker with sophisticated 
insider knowledge harm a patient by altering programming on an implanted 
defibrillator, company and federal officials said Thursday.

The Homeland Security Department, which oversees security in critical U.S. 
infrastructure including medical devices, issued an alert Thursday describing 
two types of computer-hacking vulnerabilities in 16 different models of 
Medtronic implantable defibrillators sold around the world, including some 
still on the market today. The vulnerability also affects bedside monitors that 
read data from the devices in patients’ homes and in-office programming 
computers used by doctors.

Medtronic recommends that patients use only bedside monitors obtained from a 
doctor or from Medtronic directly, to keep them plugged in so they can receive 
software updates, and that patients maintain “good physical control” over the 
monitor.

Implantable defibrillators are complex, battery-run computers implanted in 
patients’ upper chests to monitor the heart and send electric pulses or 
high-voltage shocks to prevent sudden cardiac death and treat abnormal heart 
beats. The vulnerabilities announced Thursday do not affect Medtronic 
pacemakers.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_