CISA warns of Medtronic cardiac device security vulnerability

Medtronic has released an update for a cybersecurity vulnerability that an unauthorized user could exploit to steal, delete or modify cardiac device data or to gain network access.
By Andrea Fox
09:23 AM


The Cybersecurity and Infrastructure Security Agency said Medtronic reported a cybersecurity vulnerability in its Paceart Optima System, which compiles and manages patients' cardiac device data.

WHY IT MATTERS

According to Medtronic's advisory, the vulnerability is in an optional messaging feature of the Paceart Messaging Service and is present when that feature is enabled. Healthcare organizations should work with Medtronic technical support to install the update to the Paceart Optima application, which will eliminate the vulnerability from the application server.

In the advisory, CISA provided steps that can be taken immediately for some configurations. 

The agency also urged health systems and providers to minimize network exposure for all control system devices by taking them offline – particularly for organizations running a combined application and integration server – to reduce the risks of remote code execution or a denial-of-service condition. 

CISA also suggested using secure virtual private networks when remote access is required.

THE LARGER TREND

Last year, the FBI issued a report offering recommendations to address a number of cybersecurity vulnerabilities in active medical devices.

Beyond impacting healthcare facility operations, patient safety, data confidentiality and integrity, cyberattacks on medical devices can result in inaccurate readings, drug overdoses or other dangers to patient health.

Equipment vulnerable to cyberattacks includes insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers and intrathecal pain pumps, the FBI noted in its report.

Since 2017, the FBI has warned the healthcare sector about DDoS attack vulnerabilities in connected devices, anticipating an explosion in the number of such devices.

"Deficient security capabilities, difficulties in patching vulnerabilities and a lack of consumer security awareness provide cyber actors with opportunities to exploit these devices," the agency said.

ON THE RECORD

"If a healthcare delivery organization has enabled the optional Paceart Messaging Service in the Paceart Optima system, an unauthorized user could exploit this vulnerability to perform remote code execution and/or denial-of-service attacks by sending specially crafted messages to the Paceart Optima system," CISA said in the advisory.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.
