FDA issues alert about hacking vulnerabilities in heart defibrillators

The US Food and Drug Administration (FDA) issued a safety alert about two cybersecurity vulnerabilities affecting Medtronic implantable cardiac devices, programmers, and home monitors. The first vulnerability can allow improper access to data sent between a defibrillator and an external device like patients’ home monitors or in-office programming computers used by doctors. The second vulnerability enables an attacker to retrieve private sensitive information out of the device (e.g. patient name and past health data). The FDA is not expected to issue a recall and the vulnerabilities will be addressed through a future software patch.