The U.S. Dept. of Homeland Security has issued a medical advisory warning of vulnerabilities and exploits against Medtronic’s implantable CRM devices and ancillaries. These exploits could allow an attacker to affect the functionality of the devices or intercept sensitive data.
The exploit affects Medtronic devices that use its Conexus telemetry protocol. Affected devices include all models of the Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, Viva CRT-D, the CareLink 2090 Programmer, the 2490C version of its CareLink Monitor and versions 24950 and 24952 of its MyCareLink Monitor.
Medical Advisory (ICSMA-19-080-01) can be read at: https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01