Medtronic MyCareLink Patient Monitor (Update A)

Risk Summary

Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation of the monitor's functionality.

CVEs (6)

Remediations

• The identified vulnerabilities were reported as low-risk findings. An attacker would need to physically tamper with the monitor to exploit them. In response, starting in June 2025, Medtronic began deploying security updates to address these findings.
• Medtronic recommends the following actions:
• The security update process is performed automatically when the monitor is connected to the internet. Users should ensure that their remote monitor is plugged in to receive updates.
• Physicians should continue to prescribe monitors as intended.
• Users should maintain possession of their home monitor.
• Users should only use home monitors provided directly from a healthcare provider or a Medtronic representative.
• Users needing additional assistance should contact [email protected].
• For more information regarding these vulnerabilities, refer to Medtronic's security bulletin.
• Users should follow CISA's guidance in the following areas:
• Securing the Internet of Things
• Home Network Security

Affected Vendors

Affected Products (2)

Affected Sectors

Healthcare and Public Health