[{"@context":"https:\/\/schema.org\/","@type":"BlogPosting","@id":"https:\/\/www.grossmcginley.com\/resources\/blog\/medical-device-vulnerable-to-hackers\/#BlogPosting","mainEntityOfPage":"https:\/\/www.grossmcginley.com\/resources\/blog\/medical-device-vulnerable-to-hackers\/","headline":"Medical Device Vulnerable to Hackers","name":"Medical Device Vulnerable to Hackers","description":"The world\u2019s largest medical device manufacturer, Medtronic, Inc. &#8211; based in Minnesota &#8211;\u00a0 recently announced that many [&hellip;]","datePublished":"2019-06-05","dateModified":"2021-09-21","author":{"@type":"Person","@id":"https:\/\/www.grossmcginley.com\/resources\/author\/jlw\/#Person","name":"Jennifer L. Weed","url":"https:\/\/www.grossmcginley.com\/resources\/author\/jlw\/","identifier":37,"image":{"@type":"ImageObject","@id":"https:\/\/secure.gravatar.com\/avatar\/4a94ee97ce4ebeb86eb75de61fd173b2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4a94ee97ce4ebeb86eb75de61fd173b2?s=96&d=mm&r=g","height":96,"width":96}},"publisher":{"@type":"Organization","name":"Gross McGinley, LLP","logo":{"@type":"ImageObject","@id":"https:\/\/www.grossmcginley.com\/wp-content\/uploads\/2017\/10\/logopng-00436945-e1531508982151.png","url":"https:\/\/www.grossmcginley.com\/wp-content\/uploads\/2017\/10\/logopng-00436945-e1531508982151.png","width":600,"height":60}},"image":{"@type":"ImageObject","@id":"https:\/\/www.grossmcginley.com\/wp-content\/uploads\/2019\/06\/medtronic-device-vulnerability-law.jpg","url":"https:\/\/www.grossmcginley.com\/wp-content\/uploads\/2019\/06\/medtronic-device-vulnerability-law.jpg","height":800,"width":800},"url":"https:\/\/www.grossmcginley.com\/resources\/blog\/medical-device-vulnerable-to-hackers\/","about":["Blog"],"wordCount":354,"keywords":["Internet","Medical Malpractice Defense","Privacy &amp; Media","Privacy and Data Security"],"articleBody":"The world\u2019s largest medical device manufacturer, Medtronic, Inc. &#8211; based in Minnesota &#8211;\u00a0 recently announced that many of its implanted cardiac defibrillators use an unencrypted wireless program that could allow computer hackers to change the settings. The defibrillators at issue are used to correct life-threatening arrhythmias.The Cybersecurity and Infrastructure Security Agency, a division of the U.S. Department of Homeland Security, issued a \u00a0Medical Advisory bulletin on March 21, 2019, advising that Medtronic devices utilizing the Conexus telemetry protocol in cardiac defibrillators \u201cmay allow an attacker with adjacent short-range access to one of the affected products to interfere with, generate, modify, or intercept the radio frequency (RF) communication of the Medtronic proprietary Conexus telemetry system, potentially impacting product functionality and\/or allowing access to transmitted sensitive data.\u201d\u00a0 Conexus is a wireless protocol which links the defibrillators with home monitors and with physicians and device programmers in remote locations.\u00a0 The flaw identified in the communication protocol was given a vulnerability score of 9.3, close to the top of the 10-point scale. The bulletin states that an unauthorized individual with a \u201clow skill level\u201d could gain access to the equipment\u2019s setting and possibly change them. Approximately 750,000 heart devices are affected, according to Medtronic.To date, there are no reported cases of unauthorized hackers changing the settings on implanted cardiac defibrillators. The Agency stated that while a successful attack would not be difficult to pull of technically, the likelihood of an attack succeeding was low because the devices use radio frequency transmissions, and therefore can transmit only about 20 feet.\u00a0 Accordingly, a would-be hacker would need to be in the same room as the targeted equipment.In response to the Homeland Security bulletin, Medtronic said it planned to develop a software program to fix to its Conexus protocol.\u00a0 In the meantime, the FDA advised that patients should keep their equipment plugged in at all times so that it can receive updates. The FDA does not intend to issue a recall at this time.Attorney Jennifer Weed is a member of the firm&#8217;s Medical Malpractice Defense Group, counseling hospitals and medical professionals in medical malpractice litigation and risk management matters."},{"@context":"https:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Resources","item":"https:\/\/www.grossmcginley.com\/resources\/#breadcrumbitem"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/www.grossmcginley.com\/resources\/\/blog\/#breadcrumbitem"},{"@type":"ListItem","position":3,"name":"Medical Device Vulnerable to Hackers","item":"https:\/\/www.grossmcginley.com\/resources\/blog\/medical-device-vulnerable-to-hackers\/#breadcrumbitem"}]}]