The U.S. Food and Drug Administration (FDA) yesterday issued a statement warning of vulnerabilities in Medtronic (CIED) pacemaker programming devices.
The report shows that although there are currently no reports of damage to patients with these devices, hackers may have remote access to pacemakers. So far, Medtronic has responded quickly to the announcement by releasing a software update to address the vulnerability in Carelink 2090 and Carelink Encore 29901.
Medtronic has said that the software update that fixes the bug can be done via an online connection to the Medtronic Distribution Network (SDN) or through a company representative who connects a USB device to the programmer to eliminate the bug.
The FDA publication states that the vulnerability would allow a hacker to change the functions of the programmer and even the implanted pacemaker both at the time of implantation and during pacemaker verification consultations. In addition, it was explained that although the programmer used a VPN to connect to the Medtronic SDN, the vulnerability was that the programmers did not check whether they were connected to the VPN or not to start downloading updates.
The FDA’s warning comes at a critical time for the U.S. healthcare sector regarding computer vulnerabilities as the Department of Health and Human Resources puts pressure on the FDA to incorporate new security measures into its medical device testing and monitoring processes.
Today, the FDA also issued a warning to the leading U.S. electronic cigarette company, which illegally sells anti-obesity and erectile dysfunction drugs through the oils used by these smokers.