Digital Disruption Innovation Medical Devices News Privacy and Security

US Department of Homeland Security updates cybersecurity warnings that include Medtronic Products

The United States Department of Homeland Security ( DHS ) has updated cybersecurity warnings on various Medtronic programmer products due errors occurring with the medical devices.

DHS warned about Medtronic’s 2090 CareLink programmer, MyCareLink monitor and the CareLink monitor and 29901 Encore programmer.

The warning included details about a product that uses a per-product username and password that is stored in a recoverable format.

By March, DHS had warned of vulnerabilities in Medtronic devices using its Conexus radio frequency telemetry protocol, including some CareLink devices. DHS’ latest update cited vulnerabilities with improper access control and cleartext transmission of sensitive information.

With these devices, exploitation of the vulnerabilities may offer an attacker access to the product to interfere with, generate, modify or intercept radio frequency communication from the Medtronic Conexus telemetry system, which could impact its functionality and/or allow access to transmitted sensitive data.

For mitigation, Medtronic stated – ‘After additional review and risk evaluation of the affected products, Medtronic has disabled the network-based software update mechanism, including both the VPN and the HTTP subservices, as an immediate security mitigation. Users should not attempt to update the affected products over the network as this update mechanism is vulnerable to the attack described in section 4.2.3. Medtronic will continue to implement and deploy increased security protections and mitigation to address the vulnerabilities in this advisory. Users should still obtain and apply updates via controlled USB dongles and should contact their Medtronic representative for more information. Medtronic recommends that affected products continue to be used for their intended purpose in the previously described manner.’

Meeta Ramnani
Meeta Ramnani
Meeta develops credible content about various markets based on deep research, opinions from experts and inputs from industry leaders. As the managing editor at Smart Industry News, she assures that every piece of news and article adds to the knowledge of decision makers. An avid bike rider, Meeta, is a postgraduate from Indian Institute of Journalism and New Media (IIJNM) Bangalore, where her specialization was Business Journalism. She carries experience from mainstream print media including The Times Group and Sakal Media Group.