ICSMA-18-137-01  ·  Published 2018-07-12

Medtronic N'Vision Clinician Programmer (Update A)

CVSS 6.3 MEDIUM

Risk Summary

As part of the normal functionality of this device, the N'Vision Clinician Programmer may store Personal Health Information (PHI) or Personal Identifying Information (PII). Successful exploitation of these vulnerabilities may allow an attacker with physical access to an 8870 N'Vision Compact Flash card to access this PHI or PII.

Remediations

  • Medtronic has not developed a product update to address the vulnerabilities, but is reinforcing security reminders within this advisory to help reduce the risk associated with the vulnerabilities.
  • The 8870 Therapy Application card stores PHI and PII as part of its normal operating procedure and should be handled, managed and secured in a manner consistent with the applicable laws for patient data privacy.
  • Medtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, hospitals and clinicians should:
  • Medtronic has released additional patient-focused information at the following location: https://www.medtronic.com/security

Affected Vendors

Medtronic

Affected Products (2)

Medtronic · 8870 N'Vision removable Application Card vers:all/*
Medtronic · 8840 N'Vision Clinician Programmer vers:all/*

Affected Sectors

Healthcare and Public Health
