CISA warns of high-risk cyber vulnerability for Medtronic cardiac device data management system

Jul 06, 2023 - 03:11 PM
cybersecurity-hand-lock-graphic_900x400

The Cybersecurity & Infrastructure Security Agency is warning of a significant, high-risk vulnerability in Medtronic’s Paceart Optima System, which is used to compile and manage patients’ cardiac device data. CISA says the system’s versions 1.11 and prior are at risk of exploitation by unauthorized users, who can then perform remote code executions or launch denial-of-service attacks. The latter could slow or render the system unresponsive. 
 
Medtronic recommends immediately updating the Paceart Optima system to v1.12 to mitigate this issue. Contact Medtronic to schedule an upgrade and read CISA’s alert for a list of mitigation steps Medtronic recommends taking until the upgrade to v1.12 can be completed. 
  
“As with many medical device cyber vulnerabilities, hospitals and health systems are dependent upon third-party medical device manufacturers (MDM) to develop and deploy patches, which may require an extended time for the MDM to fully implement across its customer base,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “In this case, we hope that Medtronic has devoted sufficient resources to handle the increased demand for the upgrade to v1.12 to mitigate this critical vulnerability in an expedited manner. In the interim, per CISA and Medtronic, it is recommended that organizations manually disable the Paceart Messaging Service on the application server. This issue also serves as reminder for hospitals and health systems to ensure efficient communication and alignment between clinical engineering and information security teams for efficient monitoring and mitigation of cyber vulnerabilities present in medical devices.” 

Related News Articles

Headline
Agencies issue joint statement on AI and increased cyber risk
Leaders of the Five Eyes cybersecurity agencies, consisting of Australia, Canada, New Zealand, the United Kingdom and the United States, released a joint…
Headline
Administration releases memo on cybersecurity governance for national security systems
President Trump issued a memorandum June 12 on cybersecurity governance for national security systems used by federal agencies. The memo re-establishes and…
Headline
Automatic tank gauge systems targeted by cyber actors, agencies warn
The Cybersecurity and Infrastructure Security Agency and other federal agencies released a fact sheet June 2 on malicious cyber activity targeting U.S.-based…
Headline
Alert warns of cyber campaign by Chinese military intelligence to obtain classified or privileged information
The FBI and international agencies have released an alert on Chinese military intelligence services using professional networking sites and online job…
Headline
White House issues executive order on cybersecurity for AI
The White House issued an executive order June 2 on cybersecurity efforts regarding artificial intelligence. The order instructs federal…
Headline
Guide issued for healthcare organizations on cyber governance frameworks for secure AI implementation 
The Health Sector Coordinating Council’s Cybersecurity Working Group has released a guide to help healthcare organizations establish cyber governance…