CISA warns of high-risk cyber vulnerability for Medtronic cardiac device data management system

Jul 06, 2023 - 03:11 PM
cybersecurity-hand-lock-graphic_900x400

The Cybersecurity & Infrastructure Security Agency is warning of a significant, high-risk vulnerability in Medtronic’s Paceart Optima System, which is used to compile and manage patients’ cardiac device data. CISA says the system’s versions 1.11 and prior are at risk of exploitation by unauthorized users, who can then perform remote code executions or launch denial-of-service attacks. The latter could slow or render the system unresponsive. 
 
Medtronic recommends immediately updating the Paceart Optima system to v1.12 to mitigate this issue. Contact Medtronic to schedule an upgrade and read CISA’s alert for a list of mitigation steps Medtronic recommends taking until the upgrade to v1.12 can be completed. 
  
“As with many medical device cyber vulnerabilities, hospitals and health systems are dependent upon third-party medical device manufacturers (MDM) to develop and deploy patches, which may require an extended time for the MDM to fully implement across its customer base,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “In this case, we hope that Medtronic has devoted sufficient resources to handle the increased demand for the upgrade to v1.12 to mitigate this critical vulnerability in an expedited manner. In the interim, per CISA and Medtronic, it is recommended that organizations manually disable the Paceart Messaging Service on the application server. This issue also serves as reminder for hospitals and health systems to ensure efficient communication and alignment between clinical engineering and information security teams for efficient monitoring and mitigation of cyber vulnerabilities present in medical devices.” 

Related News Articles

Headline
UnitedHealth Group provides updates on response to Change Healthcare cyberattack
UnitedHealth Group March 7 announced a series of updates on its response to the unprecedented cyberattack against its subsidiary Change Healthcare. In the…
Perspective
We Must Step Up and Meet the Moment Following the Most Serious Cyberattack in History on Our Nation’s Health Care System
In this column last week, we highlighted how the cyberattack against Change Healthcare — a health care technology company that is part of Optum and owned…
Headline
CMS announces flexibilities in response to Change Healthcare attack; Schumer calls for additional action
The Centers for Medicaid & Medicare Services March 5 announced flexibilities intended to help providers continue to serve patients in the wake of the…
Headline
AHA expresses concerns with UHG program in response to cyberattack on Change Healthcare
UnitedHealth Group’s Temporary Funding Assistance Program “is not even a band-aid on the payment problems you identify,” AHA wrote March 4 in a message to UHG…
Headline
AHA urges Congress to provide support to help minimize further fallout from Change Healthcare attack 
The AHA March 4 urged Congress to consider a number of actions to support hospitals’ efforts to care for patients as the entire health care system continues to…
Headline
Agencies recommend action to defend Ivanti VPN gateways from compromise
U.S. and international agencies Feb. 29 urged health care and other critical infrastructure organizations using Ivanti Connect Secure VPN and Ivanti Policy…