FDA: Hackers Could Hijack Some Implanted Defibrillators


The world’s largest medical device company has acknowledged that many of its implanted cardiac defibrillators use an unencrypted wireless protocol that could allow an attacker to change the settings of the lifesaving devices.

The vulnerability affects more than 20 defribillator models, monitors and programmer units made by Medtronic Inc. of Fridley, Minnesota. The devices include implantable cardioverter defibrillators, or ICDs, which can correct dangerously fast or irregular heartbeat, and cardiac resynchronization therapy defibrillators, or CRT-Ds, which essentially are pacemakers that deliver small electrical charges to help keep the heart’s ventricles pumping in sync.

The Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security, assigned the flaw a vulnerability score of 9.3 — near the top of its 10-point scale. It said the flaw could allow a bad actor of “low skill level” to read and write any memory location on the implanted devices.

The following list are the models most vulnerable to hacking:

Amplia MRI CRT-D, all models
Claria MRI CRT-D, all models
Compia MRI CRT-D, all models
Concerto CRT-D, all models
Concerto II CRT-D, all models
Consulta CRT-D, all models
Evera MRI ICD, all models
Evera ICD, all models
Maximo II CRT-D and ICD, all models
Mirro MRI ICD, all models
Nayamed ND ICD, all models
Primo MRI ICD, all models
Protecta CRT-D and ICD, all models
Secura ICD, all models
Virtuoso ICD, all models
Virtuoso II ICD, all models
Visia AF MRI ICD, all models
Visia AF ICD, all models
Viva CRT-D, all models
CareLink 2090 Programmer
MyCareLink Monitor, models 24950 and 24952
CareLink Monitor, Model 2490C


Read more at NBC.



Please enter your comment!
Please enter your name here