The FDA issued a safety communication alert on March 21 warning healthcare providers and individuals with Medtronic cardiac defibrillators of cybersecurity vulnerabilities in the devices' wireless technology.
The alert was issued after the FDA reviewed information concerning possible cybersecurity vulnerabilities associated with the Conexus wireless telemetry technology used for communication between Medtronic's implantable cardiac devices, clinic programmers and home monitors.
The wireless technology does not use encryption, authentication or authorization, which leave Medtronic's cardiac implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators vulnerable to being hacked. If an unauthorized individual gained access, he or she could potentially manipulate an implantable device, home monitor or clinic programmer.
Medtronic is working to add security updates to address the cybersecurity vulnerabilities, according to the FDA. In the interim, the FDA recommends providers maintain control of the devices' programmers and keep IT networks well-managed. The agency also does not recommend replacing the devices, and said it is unaware of any reports of patient harm related to the cybersecurity vulnerabilities.
To access the full report, click here.