FDA Issues Cybersecurity Warning for Medtronic Cardiac Device Programmers

The FDA flagged cybersecurity vulnerabilities in two programmers for implantable cardiac devices manufactured by Medtronic and the agency approved a software update that will allow providers to continue using the programmers without connecting to the internet.

The Carelink and Carelink Encore programmers are used during implantation and follow-up visits for implantable cardiac devices, including pacemakers, defibrillators, cardiac resynchronization devices and insertable cardiac monitors.

The programmer software can be updated either through an internet connection to the Medtronic Software Distribution Network or by a Medtronic representative plugging directly into the device. The new software blocks internet access by the programmers to the Medtronic network.