Adriatic
Argentina
Asia-Pacific
Australia and New Zealand
Bangladesh
Belgique (Belgium)
België (Belgium)
Brasil (Brazil)
Bulgaria
Canada
Canada
Česká republika (Czech Republic)
Chile
中国 (China)
Colombia
Costa Rica
Србија (Serbia)
Danmark (Denmark)
Deutschland (Germany)
Ecuador
España (Spain)
Europe
France
Ελλάδα (Greece)
香港特区 (Hong Kong SAR)
Indian Subcontinent
Ireland
Israel ישראל
Italia (Italy)
日本 (Japan)
Latinoamérica
Magyarország (Hungary)
México (Mexico)
Middle East and North Africa
Nederland (Netherlands)
Norge (Norway)
Österreich (Austria)
Panama
Portugal
Paraguay
Perú (Peru)
Polska (Poland)
Российская Федерация (Russia)
Puerto Rico
Romania
Schweiz (Switzerland)
Slovenská republika (Slovak Republic)
Southeast Asia
South Africa and Sub-Sahara
대한민국 (South Korea)
Suisse (Switzerland)
Suomi (Finland)
Sverige (Sweden)
台湾地区 (Taiwan)
Türkiye (Turkey)
United Kingdom
United States
Uruguay
Україна (Ukraine)
Press releases
Oct 19, 2013
Medtronic Statement on Medical Device Security
Medtronic takes device security and any threat to patient safety seriously. Medtronic is actively engaged with security research firms and regularly conducts and uses independent assessments to...
Medtronic takes device security and any threat to patient safety seriously. Medtronic is actively engaged with security research firms and regularly conducts and uses independent assessments to improve the security of our systems. We continuously monitor the security of our devices and if new vulnerabilities are revealed, Medtronic will assess whether additional security measures can be implemented without compromising the therapy that the device is designed to deliver to patients.
The security risk specifically for implantable cardiac devices is low, because of the communications used with these devices:
- Proximity Communications: For many wireless devices, someone attempting to manipulate a device would need to be in very close physical proximity to the patient and therefore would likely be seen by the patient or the patient’s caregivers. While security researchers – in controlled laboratory settings – have been able to manipulate devices due to their close proximity to a device, malicious device manipulators are unrealistic in a real-life setting.
- Distance Communications: For wireless devices which allow for communication from a longer distance, the means to communicate is enabled only when needed to provide treatment to the patient or to monitor the patient’s condition. So, the potential time period during which an implantable cardiac device could be breached is quite brief and variable. This means an attacker would need to be constantly attentive to when a device might be enabled, which is unlikely.
While the likelihood of a malicious security breach of a patient’s device is low – and we are not aware of any security breaches involving patients implanted with cardiac devices – Medtronic has addressed device security in the design development process by implementing measures to safeguard patient safety.
We continue to assess the security of our devices. If new vulnerabilities are revealed, Medtronic will assess whether additional security measures can be implemented without compromising the therapy which the device is designed to deliver for patients.
Medtronic acknowledges the continued contributions made by the academic community toward the advancement of implantable medical device security and patient safety. We welcome the opportunity to work with security experts, government regulators and other stakeholders to make devices as secure as possible.