CISA warns of high-risk cyber vulnerability for Medtronic cardiac device data management system

Jul 06, 2023 - 03:11 PM
cybersecurity-hand-lock-graphic_900x400

The Cybersecurity & Infrastructure Security Agency is warning of a significant, high-risk vulnerability in Medtronic’s Paceart Optima System, which is used to compile and manage patients’ cardiac device data. CISA says the system’s versions 1.11 and prior are at risk of exploitation by unauthorized users, who can then perform remote code executions or launch denial-of-service attacks. The latter could slow or render the system unresponsive. 
 
Medtronic recommends immediately updating the Paceart Optima system to v1.12 to mitigate this issue. Contact Medtronic to schedule an upgrade and read CISA’s alert for a list of mitigation steps Medtronic recommends taking until the upgrade to v1.12 can be completed. 
  
“As with many medical device cyber vulnerabilities, hospitals and health systems are dependent upon third-party medical device manufacturers (MDM) to develop and deploy patches, which may require an extended time for the MDM to fully implement across its customer base,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “In this case, we hope that Medtronic has devoted sufficient resources to handle the increased demand for the upgrade to v1.12 to mitigate this critical vulnerability in an expedited manner. In the interim, per CISA and Medtronic, it is recommended that organizations manually disable the Paceart Messaging Service on the application server. This issue also serves as reminder for hospitals and health systems to ensure efficient communication and alignment between clinical engineering and information security teams for efficient monitoring and mitigation of cyber vulnerabilities present in medical devices.” 

Related News Articles

Headline
Agencies release guidance on hardening network devices in response to cyber espionage campaign by hackers linked to Chinese government
New guidance released yesterday by the Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI informs health care and other…
Headline
Advisory warns of activity by BianLian ransomware group 
A joint advisory released Nov. 20 by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and international partners warns of…
Headline
DOJ: Russian national charged with cybercrimes for ransomware attacks on hospitals, other entities 
The Department of Justice Nov. 18 announced criminal charges against Evgenii Ptitsyn, a Russian national, for allegedly administering the sale, distribution…
Headline
UN Security Council meeting discusses impact of ransomware attacks on hospitals 
A United Nations Security Council meeting the week of Nov. 4 discussed ransomware and the severe impacts that cyberattacks can have on hospitals and health…
Headline
AHA's Pollack breaks down role of hospitals in the future of health care on Pinkston podcast 
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of…
Headline
Agencies provide cyberthreat updates and resources leading up to election 
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information…