CVE-2021-38392

The CVE-2021-38392 entry concerns the Boston Scientific Zoom Latitude Programmer/Recorder/Monitor (PRM) Model 3120. The vulnerability is an improper access control that could allow a skilled attacker with physical access to gain access to the device’s hard drive, change the telemetry region, and ...

CVE-2019-6538 Medtronic Conexus Radio Frequency Telemetry Protocol Improper Access Control

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers

A flaw in Medtronic’s CareLink 2090 and CareLink Encore 29901 programmers, which are portable computer systems used to manage implanted cardiac devices in clinical settings, would have allowed remote code implantation over Medtronic’s dedicated Software Deployment Network SDN. The programmers are...

CVE-2018-8868

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit oth...

Over 8,600 Vulnerabilities Found in Pacemakers

"If you want to keep living, Pay a ransom, or die." This could happen, as researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit. Millions of people that rely on pacemakers to keep their hearts beating are at risk of software glitches and hackers, which could...

St. Jude Medical Patches Vulnerable Cardiac Devices

St. Jude Medical today released an update for the Merlin@home Transmitter medical device that includes a patch for vulnerabilities made public last year in a controversial disclosure by research company MedSec Holdings and hedge fund Muddy Waters. In a paper published last August, Muddy Waters sa...

Medical Devices Vulnerable to Hacking

A heart defibrillator remotely controlled by a villainous hacker to trigger a fatal heart attack? Yes now its possible, The Government Accountability Office has released a report warning that medical devices are vulnerable to hacking and calling for greater FDA oversight of such devices. The...

Medical Device Security in Need of Major Upgrade

Security researchers and hackers have spent the last 20 years or so tearing apart all manner of software and hardware, looking for vulnerabilities, attack vectors and bugs, and the advent of embedded and implantable devices has now drawn their attention to this new class of targets. Medical...

FDA Urged to More Rigorously Evaluate Medical Devices' Security Risks

Lawmakers are urging the Food and Drug Administration to more thoroughly vet certain implantable medical devices for security, not just safety, risks. They include life-saving defibrillators, insulin pumps and pacemakers, which have been shown in recent years to be vulnerable to remote attacks...

DHS Warns About Threat Of Mobile Devices In Healthcare

In a bulletin, the Department of Homeland Security DHS is warning healthcare organizations about the threat posed by insecure, network attached medical devices and the proliferation of smart phones, tablet PCs and other mobile devices in medical settings. DHS’s National Cybersecurity and...