In case you haven’t noticed, cybersecurity for medical devices is a subject of concern for the FDA. The issue has been clarified this week by the announcement of cybersecurity vulnerabilities affecting Medtronic Implantable Cardiac Devices, Programmers, and Home Monitors. The devices are implanted cardioverter defibrillators (ICDs) or cardiac resynchronization therapy defibrillators (CRT-Ds), devices that provide pacing for slow heart rhythms and electrical shocks or pacing to stop dangerously fast heart rhythms. The devices communicate wirelessly with a home monitoring station that sends data to the patient’s physician through the Internet. The cybersecurity vulnerabilities are associated the Conexus wireless telemetry protocol used as part of the communication method. The protocol does not currently use encryption, authentication, or authorization, leaving it open for access by an unauthorized individual. The FDA is working with Medtronic to correct these vulnerabilities as soon as possible. The announcement includes agency recommendations to physicians, patients, and caregivers as well as a link to report any adverse events associated with the device.

Read more about the agency’s activities to monitor and address cybersecurity issues in medical devices at the Cybersecurity web site.

Text Copyright © 2019 Katrina Rogers