FDA/CDC

Some cardiac devices vulnerable to cybersecurity threats


 

Implantable cardiac devices made by Medtronic have cybersecurity vulnerabilities, according to a safety communication from the Food and Drug Administration. That said, so far the FDA is unaware of any reports of harm related to these vulnerabilities, and the agency still advises doctors and patients to continue using the devices as intended and in accordance with device labeling.

FDA icon

The Conexus wireless telemetry protocol used with Medtronic’s implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators, as well as with certain models of Medtronic’s CareLink Programmer and the MyCareLink Monitor, lacks encryption, authentication, or authorization, which leaves the devices open to exploitation. Such exploitation “could allow unauthorized individuals ... to access and potentially manipulate an implantable device, home monitor, or clinic programmer,” the agency said in its safety communication.

The FDA provides several recommendations in the safety communication, including obtaining these devices “directly from the manufacturer to ensure integrity of the system” and operating “the programmers within well-managed networks.”

Recommended Reading

Medical advice prompts unneeded emergency visits by AF patients
Clinician Reviews
Immunotherapy’s cardiac effects require early monitoring, management
Clinician Reviews
What cardiologists need to know about ARVC
Clinician Reviews
Infective endocarditis isn’t what it used to be
Clinician Reviews
Apple Watch algorithm brings wearables closer to clinical practice
Clinician Reviews
Antibiotic-eluting envelope reduces CIED infections
Clinician Reviews
AUGUSTUS: Dual surpasses triple therapy when AFib patients have PCI or ACS
Clinician Reviews
Abstinence by moderate drinkers improves their AFib
Clinician Reviews
FDA: Programmable heart failure device approved
Clinician Reviews
Increased sudden death risk in HIV linked to cardiac fibrosis
Clinician Reviews