Sector News

Medtronic disables updates for pacemaker programmers over cybersecurity concerns

October 12, 2018
Life sciences

Medtronic has disabled the internet update functionality of two of its CareLink devices used to program pacemaker implants amid concerns that they may be susceptible to cyberattacks, according to a letter from the medtech giant to healthcare professionals.

Vulnerabilities had been identified in the update download process that could allow an individual to update the devices with non-Medtronic software, the company said, possibly resulting in patient harm depending on the intent of the attack and the patient’s condition.

Medtronic has reviewed these vulnerabilities with the FDA and external researchers and has not observed or received reports of attacks or patient harm, the company said in a statement to FierceMedtech.

The affected programmers—the CareLink 2090 and the CareLink Encore 29901—can still receive updates through a USB port. No updates are needed for patients’ implanted devices.

Earlier this year, independent cybersecurity researchers said they found flaws in Medtronic’s pacemakers that would allow hackers to put patients at risk, according to CNBC.

In a presentation at the annual Black Hat cybersecurity conference in Las Vegas, two researchers demonstrated the security weaknesses in the pacemaker’s control unit, saying the vulnerabilities allowed for “the disruption of therapy as well as the ability to execute shocks to a patient.”

CNBC said about 33,000 of the programming devices are currently in use. In a company statement at the time, Medtronic said that the likelihood of a breach of a patient’s device is low, and that all medical devices carry some associated risk.

In September, the FDA said it would begin requiring cybersecurity documentation checks in new medical device submissions, following an HHS inspector general report that found the agency should take more steps to fully integrate cybersecurity into its premarket reviews.

The report recommended that the FDA and manufacturers use presubmission meetings to better address cybersecurity-related questions, that the agency include cybersecurity as an element in its SMART template used in 510(k) submissions, and that the FDA refuse to accept applications lacking the documentation.

By: Conor Hale

Source: Fierce Biotech

comments closed

Related News

January 29, 2023

Colorcon, Inc. signs Put agreement with intent to acquire controlled atmosphere packaging specialist Airnov Healthcare Packaging

Life sciences

Airnov provides critical healthcare industries with high-quality, controlled atmosphere packaging, to protect their products from moisture and oxygen. The business has manufacturing facilities in the USA, France, China and India and employs around 700 people.

January 29, 2023

Takeda pledges up to $1.13B for rights to Hutchmed’s cancer drug fruquintinib outside of China

Life sciences

Takeda of Japan has partnered with Hong Kong-based Hutchmed, gaining the commercial rights to colorectal cancer drug fruquintinib outside of China for $400 million up front, plus $730 million in potential milestone payments. Takeda also will help develop fruquintinib, which can be applied to subtypes of refractory metastatic colorectal cancer, regardless of biomarker status, the companies said.

January 29, 2023

Vir taps Bayer dealmaker Marianne De Backer as its next CEO

Life sciences

On April 3, Scangos, who’s been chief executive officer at Vir since the start of 2017, will hand over the reins to Marianne De Backer, Ph.D. De Backer comes over from Bayer, where she currently heads up pharmaceutical strategy, business development and licensing. Alongside her CEO appointment, De Backer is set to join Vir’s board of directors, the company said Wednesday.

How can we help you?

We're easy to reach