The Department of Homeland Security and Minnesota-based Medtronic have issued an alert notifying the public that more than 20 Medtronic products are vulnerable to being hacked.
The alert says hackers with short-range access to the devices can interfere, generate, modify or intercept a radio frequency from Medtronic's Conexus telemetry system, which, in layman's terms, can impact a product's functionality and/or allow hackers to access sensitive data.
Vulnerable products include the MyCareLink Monitor, CareLink Monitor, CareLink 2090 Programmer, and all of the Medtronic implanted cardiac devices listed below.
- MyCareLink Monitor, Versions 24950 and 24952
- CareLink Monitor, Version 2490C
- CareLink 2090 Programmer
- Amplia CRT-D (all models)
- Claria CRT-D (all models)
- Compia CRT-D (all models)
- Concerto CRT-D (all models)
- Concerto II CRT-D (all models)
- Consulta CRT-D (all models)
- Evera ICD (all models)
- Maximo II CRT-D and ICD (all models)
- Mirro ICD (all models)
- Nayamed ND ICD (all models)
- Primo ICD (all models)
- Protecta ICD and CRT-D (all models)
- Secura ICD (all models)
- Virtuoso ICD (all models)
- Virtuoso II ICD (all models)
- Visia AF ICD (all models)
- Viva CRT-D (all models)
According to the Star Tribune, the issue affects up to 750,000 Medtronic products, but not the Fridley-based company's pacemakers.
Medtronic is encouraging anyone with the aforementioned products to maintain physical control of home monitors and programmers; only use products obtained directly from a healthcare provider or Medtronic; avoid connecting devices with USB ports or other physical connections; only connect programmers with implanted devices at a hospital or clinic; only use home monitors in a private or controlled environment; and report any concerning issues to a healthcare provider or Medtronic.
Patients are encouraged to keep monitors and programmers plugged in so they receive important security and software updates.