ICSMA-18-179-01  ·  Published 2018-06-28

Medtronic MyCareLink Patient Monitor

CVSS 6.4 MEDIUM

Risk Summary

If exploited, these vulnerabilities may allow privileged access to the monitor's operating system. However, physical access to the MyCareLink monitor is required. Additionally, these vulnerabilities may allow a MyCareLink monitor, when operated within close physical proximity of an implantable cardiac device, to read and write arbitrary memory values of that device.

Remediations

  • Medtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure.
  • Medtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
  • Medtronic has released additional patient-focused information at the following location: https://www.medtronic.com/security

Affected Vendors

Medtronic

Affected Products (2)

Medtronic · 24952 MyCareLink Monitor vers:all/*
Medtronic · 24950 MyCareLink Monitor vers:all/*

Affected Sectors

Healthcare and Public Health
