Medtronic Disables Updates For Pacemaker Programmer Due To Vulnerability, Israel’s National Emergency Service Websites Exposed Patient Data

9 - 16 October 2018

The Committee of Inquiry (COI) into the SingHealth cyberattack in June heard that the attacker had installed customised malware that had not been seen elsewhere and used modified open source tools that evaded anti-virus software.

Global medical equipment company Medtronic disabled internet updates for 34,000 CareLink programming devices, which many healthcare providers use to access implanted pacemakers, over a vulnerability that could cause harm to patients in a cyberattack. The vulnerability affects the internet-based platform for updating the CareLink 2090 and CareLink Encore 29901 and enables hackers to load malicious software onto the programming devices. The vulnerability was discussed by researchers at the Black Hat hacking conference in August. Medtronic said it knows of no cases where the vulnerability had been exploited by hackers.

In addition, a white hat hacker found serious security flaws in the websites of Magen David Adom, Israel’s national emergency medical, disaster, ambulance and blood bank service, that exposed the data of volunteers and patients. Simply by changing the parameters on the websites, the hacker said that he could access patient data such as names, addresses, phone numbers, ID numbers, and credit card details. He could also control and download the entire database through a volunteer website, and rewrite code to shut down the system and disrupt ambulance service. Magen David Adom has taken down all affected websites. 

