Medtronic Releases Security Advisory for MyCareLink Patient Monitors

Medtronic has released a security advisory that addresses multiple vulnerabilities affecting their MyCareLink patient monitors.

Threat ID:: CC-2521
Category:
Threat Severity:: Low
Threat Vector:
Published:: 29 June 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Medtronic has released a security advisory that addresses multiple vulnerabilities affecting their MyCareLink patient monitors.

Threat details

If exploited, these vulnerabilities may allow privileged access to the monitor’s operating system. However, physical access to the MyCareLink monitor is required. Additionally, these vulnerabilities may allow a MyCareLink monitor, when operated within close physical proximity of an implantable cardiac device, to read and write arbitrary memory values of that device.

For further information:

ICS-CERT Advisory ICSMA-18-179-01

Remediation steps

Type	Step
	Users and administrators are encouraged to review the Medtronic's June 28, 2018 Security Bulletin and apply the necessary updates and mitigations.

Last edited: 17 February 2020 12:48 pm