Contact Contact Us

Medtronic Disables Updates For Pacemaker Programmer Due To Vulnerability, Israel’s National Emergency Service Websites Exposed Patient Data
HEALTHCARE INDUSTRY

Global medical equipment company Medtronic disabled internet updates for 34,000 CareLink programming devices, which many healthcare providers use to access implanted pacemakers, over a vulnerability that could cause harm to patient in a cyberattack. The vulnerability affects the internet-based platform for updating CareLink 2090 and CareLink Encore 29901 and enables hackers to update malicious software onto the programming devices. The vulnerability was discussed by researchers at the Black Hat hacking conference in August. Medtronic said it knows of no cases where the vulnerability had been exploited by hackers.

In addition, a white hat hacker found serious security flaws in the websites of Magen David Adom, Israel’s national emergency medical, disaster, ambulance and blood bank service, that exposed the data of volunteers and patients. Simply by changing the parameters on the websites, the hacker said that he could access patient data such as names, addresses, phone numbers, ID numbers, and credit card details. He could also control and download the entire database through a volunteer website, and rewrite code to shut down the system and disrupt ambulance service. Magen David Adom has taken down all affected websites.

References:
[1] Medtronic disables pacemaker programmer updates over hack concern
[2] Medical Information Leaked After Hackers Breach Israeli Emergency Responders' Website

Ensign InfoSecurity Singapore
6 Commonwealth Lane
Singapore 149547

Tel: +65 6788 2882
Fax: +65 6788 3883