Medical device vendor disables internet updates over hacking risk, FDA alerts

The FDA issued a cybersecurity alert on two Medtronic devices that could be hacked to change their function. 34,000 CareLink cardiac implantable electronic devices are at risk. Medtronic has disabled the online software update to fix the flaw and is implementing additional security updates. The FDA recommends using the programmers but not attempting updates through the SDN. Medical device vulnerabilities have increased since the FDA released its cybersecurity guidance in 2016. Medtronic, Philips, Abbott, and others have reported vulnerabilities in recent years.