CISA warns of high-risk cyber vulnerability for Medtronic cardiac device data management system

Jul 06, 2023 - 03:11 PM
cybersecurity-hand-lock-graphic_900x400

The Cybersecurity & Infrastructure Security Agency is warning of a significant, high-risk vulnerability in Medtronic’s Paceart Optima System, which is used to compile and manage patients’ cardiac device data. CISA says the system’s versions 1.11 and prior are at risk of exploitation by unauthorized users, who can then perform remote code executions or launch denial-of-service attacks. The latter could slow or render the system unresponsive. 
 
Medtronic recommends immediately updating the Paceart Optima system to v1.12 to mitigate this issue. Contact Medtronic to schedule an upgrade and read CISA’s alert for a list of mitigation steps Medtronic recommends taking until the upgrade to v1.12 can be completed. 
  
“As with many medical device cyber vulnerabilities, hospitals and health systems are dependent upon third-party medical device manufacturers (MDM) to develop and deploy patches, which may require an extended time for the MDM to fully implement across its customer base,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “In this case, we hope that Medtronic has devoted sufficient resources to handle the increased demand for the upgrade to v1.12 to mitigate this critical vulnerability in an expedited manner. In the interim, per CISA and Medtronic, it is recommended that organizations manually disable the Paceart Messaging Service on the application server. This issue also serves as reminder for hospitals and health systems to ensure efficient communication and alignment between clinical engineering and information security teams for efficient monitoring and mitigation of cyber vulnerabilities present in medical devices.” 

Related News Articles

Headline
Microsoft warns of sophisticated phishing campaign heavily targeting health care organizations
Microsoft Threat Intelligence is warning of a large scale, multistage phishing campaign that disproportionately targeted the health care sector, sending “code…
Headline
CISA announces initiative to bolster critical infrastructure against nation-state cyberattacks
The Cybersecurity and Infrastructure Security Agency has launched a new initiative for critical infrastructure to defend against cyberattacks through proactive…
Headline
Webinar to explore AI use in cybersecurity, health care technology 
John Riggi, AHA national advisor for cybersecurity and risk, will moderate a webinar May 5 at 1 p.m. ET that will explore how bad actors are leveraging…
Headline
AHA, Joint Commission announce cybersecurity readiness effort 
The AHA and Joint Commission May 4 announced the launch of the Cyber Resilience Readiness program, an initiative to help hospitals and health systems assess…
Headline
Agencies issue guidance on adopting agentic AI systems
The Cybersecurity and Infrastructure Security Agency, National Security Agency and international partners have released guidance on adopting agentic artificial…
Headline
Advisory details shifting tactics of Chinese cyber actors using covert networks for malicious activity
A joint advisory released April 23 from U.S. and international cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency, FBI,…