July 7, 2023

CISA: New ‘high-risk’ cyber vulnerability for Medtronic cardiac device management system

By: Tarsilla Moura

Editor's Note

On June 29, the Cybersecurity & Infrastructure Security Agency (CISA) issued a medical advisory alert "warning of a significant, high-risk vulnerability in Medtronic’s Paceart Optima System, which is used to compile and manage patients’ cardiac device data," the American Hospital Association (AHA) July 6 reports.

According to CISA, the versions of the Medtronic system that are "at risk of exploitation by unauthorized users" are versions 1.11 and prior. The alert warns that hackers can "perform remote code executions or launch denial-of-service attacks," the latter of which "could slow or render the system unresponsive." John Riggi, AHA's national advisor for cybersecurity and risk, reminded healthcare professionals to be aware of "medical device cyber vulnerabilities" that depend on "third-party medical device manufacturers...to develop and deploy patches."

Medtronic is urging healthcare facilities to immediately update the Paceart Optima system to v1.12 in order to mitigate this security risk. CISA’s medical advisory also includes a list of mitigation steps to take until said system update is complete, as recommended by Medtronic.

Live chat by BoldChat