The Department of Homeland Security issued a warning about two security vulnerabilities in Boston Scientific’s portable cardiac rhythm management systems.
All versions of the Zoom Latitude device are affected, and the identified vulnerabilities may allow hackers to obtain patients’ health information, the DHS said.
Physical access is required for successful exploitation but even cyber attackers with a low skill level would be able to exploit the products’ vulnerabilities.
The products are used worldwide to communicate with patients’ implanted pacemakers and defibrillators. They use a cryptographic key to encrypt patients’ health information prior to having it transferred to removable media, but not while they are inactive.