Medtronic Faces Cybersecurity Risk for Clinical Programmer

The Department of Homeland Security has warned in a report that there are cybersecurity vulnerabilities in Medtronic’s N’Vision clinical programmer.

Omar Ford

May 18, 2018

1 Min Read
Medtronic Faces Cybersecurity Risk for Clinical Programmer
JayDeep/Pixabay

The Department of Homeland Security (DHS) is warning that there are cybersecurity vulnerabilities in Medtronic’s N’Vision clinical programmer. The Dublin-based company’s Programmer is a small, portable device that offers a single programming platform for Medtronic Neurological implantable therapy offerings. The company pointed out it is not an implantable device.

The N’Vision Clinical Programmer has the potential to store Personal Health Information or Personal Identifying Information. In its report, DHS said the successful exploitation of the vulnerability could “allow an attacker with physical access to an 8870 N’Vision Compact Flash” card to access this personal information.

Medtronic said it has assessed this vulnerability per its internal process.

A spokesperson for the company told MD+DI that, “these findings revealed a low safety risk because physical access to a physician programmer is needed to exploit the vulnerability; this does not pose a risk for changing the function or performance of an implanted device; these devices are not commercially sold, and these devices are intended for only healthcare practitioners.”

Medtronic said any commercial sales to third parties are strictly prohibited, and it has published an advisory about this vulnerability, detailing steps to mitigate any risk of inappropriate data exposure. Network-connected medical devices promise an entirely new level of value for patients and doctors, but they also introduce new cybersecurity vulnerabilities that could affect clinical operations and put patient care at risk.

Various firms have faced cybersecurity vulnerabilities. Abbott Laboratories’ St. Jude Medical ran into issues with its Merlin technology back in 2016. A cybersecurity flaw was identified in the technology that could allow hackers to take control of a person’s defibrillator or pacemaker. In January of 2017, Abbott sent out an update to deal with the  vulnerabilities. 

About the Author

Omar Ford

Omar Ford is a veteran reporter in the field of medical technology and healthcare journalism. As Editor-in-Chief of MD+DI (Medical Device and Diagnostics Industry), a leading publication in the industry, Ford has established himself as an authoritative voice and a trusted source of information.

Ford, who has a bachelor's degree in print journalism from the University of South Carolina, has dedicated his career to reporting on the latest advancements and trends in the medical device and diagnostic sector.

During his tenure at MD+DI, Ford has covered a wide range of topics, including emerging medical technologies, regulatory developments, market trends, and the rise of artificial intelligence. He has interviewed influential leaders and key opinion leaders in the field, providing readers with valuable perspectives and expert analysis.

 

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like