WhiteScope, a provider of deep security research and security solutions, found cybersecurity vulnerabilities when doing research on Medtronic's CareLink 2090 defibrillator program, according to the Star Tribune.
Here are five things to know:
1. WhiteScope discovered the cybersecurity issues in the defibrillator program could allow hackers to remotely tamper with the programing of the implanted devices.
2. This issue was first brought to Medtronic's attention a year ago. However, the company released a statement saying the vulnerabilities didn't create a safety risk to patients.
3. Homeland Security published an advisory about the issue and noted Medtronic made improvements to its internal integrity network checks and issued advice on keeping the device in secured environments.
4. WhiteScope alleges the cybersecurity issues found in Medtronic's device should take a month or two to address. Two other independent security researchers reviewed the company's report and found the issues are due to CareLink 2090 programmers using commercial software.
5. Medtronic acknowledged the extended time it took to resolve the issue. The company reiterated while the cybersecurity issues were present it did not present harm to patients.
It can be difficult for medical technology companies to address cybersecurity problems immediately. Like Medtronic, companies must determine if patients face a threat first.