Notable safety alert: Cybersecurity vulnerabilities for Medtronic ICDs
Cybersecurity Vulnerabilities Affecting Medtronic Implantable Cardiac Devices, Programmers, and Home Monitors: FDA Safety Communication (DATE ISSUED: March 21, 2019)
For complete alert, consult the FDA’s website: https://www.fda.gov
Audience:
Patients with a Medtronic implantable cardioverter defibrillator (ICD) or cardiac resynchronization therapy defibrillator (CRT-D)
Caregivers of patients with a Medtronic ICD or CRT-D
Cardiologists, electrophysiologists, cardiac surgeons, and primary care physicians treating or managing patients with heart failure or heart rhythm problems using a Medtronic ICD or CRT-D
Specialty:
Cardiac Electrophysiology, Cardiology, Cardiothoracic Surgery, Heart Failure
The U.S. Food and Drug Administration (FDA) is issuing this safety communication to alert health care providers and patients about cybersecurity vulnerabilities identified in a wireless telemetry technology used for communication between Medtronic’s implantable cardiac devices, clinic programmers, and home monitors. The FDA recommends that health care providers and patients continue to use these devices as intended and follow device labeling.
Although the system’s overall design features help safeguard patients, Medtronic is developing updates to further mitigate these cybersecurity vulnerabilities. To date, the FDA is not aware of any reports of patient harm related to these cybersecurity vulnerabilities.
This communication does NOT apply to any pacemakers, cardiac resynchronization pacemakers (CRT-Ps), CareLink Express monitors, or the CareLink Encore Programmer (model 29901).
Summary of Problem and Scope
The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with the use of the Conexus wireless telemetry protocol, which is used as part of the communication method between Medtronic’s ICDs, CRT-Ds, clinic programmers, and home monitors.
The Conexus wireless telemetry protocol uses wireless radio frequency (RF) to enable communication between the devices and allows Medtronic programmers and monitoring accessories to do one or more of the following:
Remotely transmit data from a patient’s implanted cardiac device to a specified health care clinic (remote monitoring), including important operational and safety notifications;
Allow clinicians to display and print device information in real-time; and
Allow clinicians to program implanted device settings.
The Conexus wireless telemetry protocol has cybersecurity vulnerabilities because it does not use encryption, authentication, or authorization. The FDA has confirmed that these vulnerabilities, if exploited, could allow an unauthorized individual (for example, someone other than the patient’s physician) to access and potentially manipulate an implantable device, home monitor, or clinic programmer.
Medtronic is working to create and implement additional security updates to address these cybersecurity vulnerabilities, beyond the safety features in the current design described in Medtronic’s security bulletin. Those current-design safety features include the following: the protocol can be activated only by the patient’s health care provider at a clinic; activation times vary by patient; and an unauthorized user would need to be close to an active device, monitor, or clinic programmer to take advantage of these vulnerabilities. For more information see Medtronic’s Security Bulletin.