Latest in Gear

Image credit:

DHS issues warning about Medtronic implantable defibrillator flaws

Homeland Security has issued a warning about the vulnerabilities.
Share
Tweet
Share

Sponsored Links

Who_I_am via Getty Images

The Department of Homeland Security and Medtronic are advising people with the latter's implantable defibrillators to keep their monitors and programmers updated and in sight. A warning issued by the department says over 20 Medtronic products are afflicted with vulnerabilities that could be exploited by attackers nearby. Sixteen of the products are implantable defibrillators -- some still sold around the world today -- while the others are the defibrillators' bedside monitors and programmers. According to the Star Tribune, as many as 750,000 devices for the heart come with the flaws.

Medtronic(This is one of the affected Medtronic programmers, which allow doctors to tweak the implant's settings.)

Implantable defibrillators are placed under the skin to monitor the patient's heart. If they detect a wildly irregular rhythm, they shoot out electric shocks to restore the person's normal heartbeat. The vulnerabilities allow bad actors to change or inject data sent between a defib and its programming device. Medtronic's affected products don't use use formal authentication or authorization protections, which means attackers can alter the implant's settings and potentially harm the patient.

Since the hacker has to be in close proximity to the affected devices, though, the company told Star Tribune that the risk of physical harm to patients with implants appears to be low. It also said that it's now monitoring its network for signs of exploit attempts, and it ensured patients that its defibrillators will automatically shut down wireless communications if they receive unusual commands.

Even so, the company is reminding patients to only use devices obtained directly from healthcare providers and to keep wireless communications open so they'd receive the security patch when it rolls out. Also, in addition to physically keeping monitors and programmers safe, Medtronic is discouraging patients from plugging USB sticks and other unapproved accessories into the devices.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Raspberry Pi Pico is a $4 Arduino alternative

Raspberry Pi Pico is a $4 Arduino alternative

View
Samsung Galaxy S21 review: The best Android phone for the money

Samsung Galaxy S21 review: The best Android phone for the money

View
New White House website includes a hidden recruitment message for coders

New White House website includes a hidden recruitment message for coders

View
See the 'Girl with a Pearl Earring' painting in 10-gigapixel detail

See the 'Girl with a Pearl Earring' painting in 10-gigapixel detail

View
Samsung Galaxy S21 Ultra review: A capable but costly flagship

Samsung Galaxy S21 Ultra review: A capable but costly flagship

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr