Hackers Can Take Over Heart Devices, DHS warns

Hackers Can Take Over Heart Devices, DHS warns

Any connected device these days is a potential target of hackers—and that now includes defibrillators.

Implantable defibrillators made by Minneapolis, Mn.-based Medtronic could allow an attacker to interfere with and collect sensitive data from the devices, the Department of Homeland Security (DHS) said in a medical advisory.

A defibrillator is used to treat a life-threatening cardiac event by resetting the electrical state of the heart so that it can beat normally. In Medtronic's case, the defibrillator uses an unsecured protocol to communicate with other devices.

The vulnerability only requires “low skill level,” the DHS advisory said.

The issue affects certain ICD (implantable cardioverter defibrillator) and CRT-Ds (implantable cardiac resynchronization therapy/defibrillator device) models using the Conexus telemetry system, Medtronic told Fox News in a statement.

The problem does not affect pacemakers, insertable cardiac monitors or other Medtronic devices, the company said. “To date, no cyber attack, privacy breach, or patient harm has been observed or associated with these issues,” Medtronic added.

A key vulnerability is that the Conexus telemetry protocol (an automated communications process to collect data) used by the devices does not implement authentication or authorization, according to the DHS.

“An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication,” the DHS advisory said.

The DHS advisory listed about 20 products and versions of Medtronic devices affected...

Defensive measures, to minimize the risk, that users can take include:

  • Maintain physical control over home monitors and programmers
  • Use only home monitors, programmers, and implantable devices obtained directly from your healthcare provider or a Medtronic representative to ensure integrity of the system
  • Do not connect unapproved devices to home monitors and programmers through USB ports or other physical connections.

More...

SOURCE: Fox News

See DHS medical advisory here.

 

 

 

Mission & Vision

The mission of the Sudden Cardiac Arrest (SCA) Foundation is to prevent death and disability from sudden cardiac arrest. The vision of the SCA Foundation is to increase awareness about sudden cardiac arrest and influence attitudinal and behavioral changes that will reduce mortality and morbidity from SCA.

SCA Newsletter

Sign Up with the SCA Foundation News in order to stay informed! (* required field)

Contact Us

The Sudden Cardiac Arrest Foundation would like to hear from you! If you have questions or comments — Contact Us!

724-625-0025

Sudden Cardiac Arrest Foundation
7500 Brooktree Road
Wexford, PA 15090

Copyright © 2019 Sudden Cardiac Arrest Foundation. All Rights Reserved.

Web Design & Development, & Web Hosting By FastWebEngine