Global Edition
Privacy & Security

CISA warns of Medtronic cardiac device security vulnerability

Medtronic has released an update for a cybersecurity vulnerability that an unauthorized user could exploit to steal, delete or modify cardiac device data or to gain network access.
By Andrea Fox
July 05, 2023
09:23 AM

Credit: vorDa/Getty Images

The Cybersecurity and Infrastructure Security Agency said Medtronic reported a cyber breach of a vulnerability in its Paceart Optima System, which compiles and manages patients' cardiac device data.

WHY IT MATTERS

According to Medtronic's advisory, the vulnerability is in an enabled optional messaging feature in the Paceart Messaging Service and healthcare organizations should work with Medtronic technical support to install the update to the Paceart Optima application, which will eliminate this vulnerability from the application server.

In the advisory, CISA provided steps that can be taken immediately for some configurations. 

The agency also urged health systems and providers to minimize network exposure for all control system devices by taking them offline – particularly for organizations running a combined application and integration server – to reduce the risks of remote code execution or a denial-of-service condition. 

CISA also suggested using secure virtual private networks when remote access is required.

THE LARGER TREND

Last year, the FBI issued a report offering recommendations to address a number of cybersecurity vulnerabilities in active medical devices.

Beyond impacting healthcare facility operations, patient safety, data confidentiality and integrity, cyberattacks on medical devices can result in inaccurate readings, drug overdoses or other dangers to patient health.

Equipment vulnerable to cyberattacks includes insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers and intrathecal pain pumps, the FBI noted in its report.

The FBI has warned the healthcare sector about DDoS attack vulnerabilities for connected devices since 2017 with the anticipated explosion of connected devices. 

"Deficient security capabilities, difficulties in patching vulnerabilities and a lack of consumer security awareness provide cyber actors with opportunities to exploit these devices," the agency said.

ON THE RECORD

"If a healthcare delivery organization has enabled the optional Paceart Messaging Service in the Paceart Optima system, an unauthorized user could exploit this vulnerability to perform remote code execution and/or denial-of-service attacks by sending specially crafted messages to the Paceart Optima system," CISA said in the advisory.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.

Topics: 
Medical Devices, Network Infrastructure, Privacy & Security

More regional news

Nurses huddled together look at electronic health records on a tablet.

Epic and Marquette collaborate on EHR training for nursing students

By
Andrea Fox
October 31, 2023
HHS headquarters in Washington

New information blocking rules from HHS could cost noncompliant providers thousands

By
Mike Miliard
October 31, 2023
Physician using multiple EHRs and IT systems

Clinician EHR struggles compromise patient care, study shows

By
Nathan Eddy
October 31, 2023
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

HHS headquarters in Washington
New information blocking rules from HHS could cost noncompliant providers thousands

Most Read

Covenant Health advances hospital-at-home program
Guardrails, data governance key to solid generative AI outcomes
AHA security leader sees 'AI-fueled cyber arms race'
Multiple data access deals signed in Korea for digital health research
FBI dismantles Qakbot malware targeting hospitals
Boards are grasping cyber threats, but CISOs still feel underprepared

Research

White Papers

More Whitepapers

Artificial Intelligence
Analytics
Precision Medicine

Webinars

More Webinars

Analytics
Analytics
Privacy & Security

Video

Elise Kohl-Grant, cochair of the programming committee at the HIMSS New York State Chapter
New York State Chapter of HIMSS focuses on health equity
Dr. Michael Poku, chief clinical officer at Equality Health
Addressing health equity's cost curve
Dr. Michael Pfeffer at Stanford Health Care_Photo: Doctor using tablet by Sean Anthony Eddy/E+/Getty Images
CIO Spotlight: Dr. Michael Pfeffer of Stanford Health Care
Lynn Carroll, COO of HSBlox
Using tech to get to health equity-social determinants of health link

More Stories

A pharmacist doing an inventory using a digital tablet.
There is no escaping making investments in cybersecurity...
group of healthcare workers talking over hospital bed
Modernizing clinical placement to accelerate clinician training and recruitment
A male doctor sits with another man and they are looking at SDOH data on a mobile device.
Tufts Medical Center to pilot nutrition screening in EHR
Lynn Carroll, COO of HSBlox
Using tech to get to health equity-social determinants of health link
Yale New Haven Health
Yale New Haven radiologists boost CT scan reviews with AI
Dubai Health Authority
The current state of Dubai’s healthcare digital transformation journey
Leah Dewey, VP of clinical and consumer engagement operations at Cotiviti.
Payers have a part to play in addressing health disparities
Christie Teigland, vice president of research science and advanced analytics at Inovalon.
Medicare Advantage plans' star ratings to be affected by Health Equity Index