Press Release | Newsroom | Medtronic | Medtronic Statement on Medical Device Security

Press Release

Printer Friendly Version View printer-friendly version
Download PDF Download PDF
<< Back
Medtronic Statement on Medical Device Security

Medtronic, Inc.

Medtronic takes device security and any threat to patient safety seriously. Medtronic is actively engaged with security research firms and regularly conducts and uses independent assessments to improve the security of our systems. We continuously monitor the security of our devices and if new vulnerabilities are revealed, Medtronic will assess whether additional security measures can be implemented without compromising the therapy that the device is designed to deliver to patients.

The security risk specifically for implantable cardiac devices is low, because of the communications used with these devices:

  • Proximity Communications:  For many wireless devices, someone attempting to manipulate a device would need to be in very close physical proximity to the patient and therefore would likely be seen by the patient or the patient’s caregivers. While security researchers – in controlled laboratory settings – have been able to manipulate devices due to their close proximity to a device, malicious device manipulators are unrealistic in a real-life setting.
  • Distance Communications:  For wireless devices which allow for communication from a longer distance, the means to communicate is enabled only when needed to provide treatment to the patient or to monitor the patient’s condition. So, the potential time period during which an implantable cardiac device could be breached is quite brief and variable. This means an attacker would need to be constantly attentive to when a device might be enabled, which is unlikely.

While the likelihood of a malicious security breach of a patient’s device is low – and we are not aware of any security breaches involving patients implanted with cardiac devices – Medtronic has addressed device security in the design development process by implementing measures to safeguard patient safety.

We continue to assess the security of our devices. If new vulnerabilities are revealed, Medtronic will assess whether additional security measures can be implemented without compromising the therapy which the device is designed to deliver for patients.

Medtronic acknowledges the continued contributions made by the academic community toward the advancement of implantable medical device security and patient safety. We welcome the opportunity to work with security experts, government regulators and other stakeholders to make devices as secure as possible.

X