In a bid to address cybersecurity concerns, medical device manufacturer Medtronic Plc has disabled web updates for roughly 34,000 CareLink programming devices, according to a new Reuters report. In a letter sent to physicians (and intercepted by Reuters), Medtronic officials said that despite this move, they know of no cases where a hacker has exploited vulnerabilities in these devices.
The letter, detailing an “urgent medical device concern,” said that vulnerabilities in CareLink devices “could result in harm to a patient depending on the extent and intent of a malicious cyberattack and the patient’s underlying condition,” according to Reuters.
Medtronic also said that company officials are working to develop security updates “that will further address these vulnerabilities and will be implemented pending regulatory agency approvals.” For now, though, the programming device can be updated manually via a USB connection, Reuters reported.
This development comes on the heels of an alert Medtronic sent out in August regarding cybersecurity concerns with its CareLink programmers. Specifically, experts uncovered a bug that could enable hackers to update malware onto the programmers, then attack implanted pacemakers—a vulnerability exposed at the Black Hat hacking conference.
