Breaking News

Medtronic disables pacemaker programmer updates over hack concern

TechnologyOct 11, 2018 01:53PM ET
Saved. See Saved Items.
This article has already been saved in your Saved Items
© Reuters. FILE PHOTO: Massachusetts Institute of Technology researcher and graduate student Haitham Al-Hassanieh holds one of the Medtronic heart defibrillators he successfully hacked, at MIT in Cambridge

By Jim Finkle

NEW YORK (Reuters) - Medical device maker Medtronic (NYSE:MDT) Plc has disabled internet updates for some 34,000 CareLink programming devices that healthcare providers around the world use to access implanted pacemakers, saying the system was vulnerable to cyber attacks.

The company said it knows of no cases where the vulnerability had been exploited by hackers in a letter sent to physicians this week, which was labeled "urgent medical device correction."

The vulnerability "could result in harm to a patient depending on the extent and intent of a malicious cyberattack and the patient’s underlying condition," according to the letter, which was seen by Reuters on Thursday.

Medical device makers have bolstered efforts to identify and mitigate security vulnerabilities in their products in recent years in response to a flurry of warnings from security researchers, who have identified bugs in devices like the Medtronic implant programmers.

There have been no documented reports of attacks on medical devices, though researchers warn the industry is far behind the computer industry in protecting devices from hackers.

Medtronic in August issued a security bulletin on the issue with its CareLink programmers after researchers discussed the vulnerability at the Black Hat hacking conference in Las Vegas. Medical device security experts said they had uncovered a bug that could enable hackers to update malicious software onto the programmers, then attack implanted pacemakers.

Pacemakers and implantable defibrillators are small devices placed in the chest that use electronic pulses to control abnormal heart rhythms in patients with arrhythmias.

Medtronic kept the network updates running until recently, saying it had increased security controls and boosted monitoring for potential malicious activity.

The vulnerability affects the internet-based platform for updating some 34,000 CareLink 2090 and CareLink Encore 29901 programmers that healthcare providers around the globe use to program implanted pacemakers, according to Medtronic.

The company said in the letter that it was is working to develop security updates "that will further address these vulnerabilities and will be implemented pending regulatory agency approvals."

In the meantime, the programmers can still be manually updated using a USB connection, the letter said.

Medtronic disables pacemaker programmer updates over hack concern

Add a Comment

Comment Guidelines

We encourage you to use comments to engage with users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind: 

  • Enrich the conversation
  • Stay focused and on track. Only post material that’s relevant to the topic being discussed.
  • Be respectful. Even negative opinions can be framed positively and diplomatically.
  •  Use standard writing style. Include punctuation and upper and lower cases.
  • NOTE: Spam and/or promotional messages and links within a comment will be removed
  • Avoid profanity, slander or personal attacks directed at an author or another user.
  • Don’t Monopolize the Conversation. We appreciate passion and conviction, but we also believe strongly in giving everyone a chance to air their thoughts. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
  • Only English comments will be allowed.

Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at’s discretion.

Write your thoughts here
Are you sure you want to delete this chart?
Post also to:
Replace the attached chart with a new chart ?
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Thanks for your comment. Please note that all comments are pending until approved by our moderators. It may therefore take some time before it appears on our website.
Are you sure you want to delete this chart?
Replace the attached chart with a new chart ?
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Add Chart to Comment
Confirm Block

Are you sure you want to block %USER_NAME%?

By doing so, you and %USER_NAME% will not be able to see any of each other's's posts.

%USER_NAME% was successfully added to your Block List

Since you’ve just unblocked this person, you must wait 48 hours before renewing the block.

Report this comment

I feel that this comment is:

Comment flagged

Thank You!

Your report has been sent to our moderators for review
Disclaimer: Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. All CFDs (stocks, indexes, futures) and Forex prices are not provided by exchanges but rather by market makers, and so prices may not be accurate and may differ from the actual market price, meaning prices are indicative and not appropriate for trading purposes. Therefore Fusion Media doesn`t bear any responsibility for any trading losses you might incur as a result of using this data.

Fusion Media or anyone involved with Fusion Media will not accept any liability for loss or damage as a result of reliance on the information including data, quotes, charts and buy/sell signals contained within this website. Please be fully informed regarding the risks and costs associated with trading the financial markets, it is one of the riskiest investment forms possible.
Continue with Google
Sign up with Email