Medtronic taps IoT security Startup system to Prevent Pacemaker Hacks

Medtronic has turned to aptly named cyber security Startup Sternum to protect its cardiac pacemakers from hackers. Their collaboration comes only a few months after the federal Cyber security and the Infrastructure securityy Agency pondered on preventing the hackers from ending the backend interface of the company’s software.

The Agency also issued a warning about vulnerabilities in Medtronic’s MyCarelink patient monitoring system. Even hackers complying with low skill levels could enter their way through the system using Bluetooth and potentially manipulate a connected pacemaker. The potential breach and the first official attack were reported to Medtronic by the cyber security startup Sternum itself.

“There’s this endless race against vulnerability, so when a company discovers a vulnerability, they need to issue an update, but updating can be very difficult in the medical space, and until the update happens, the devices are vulnerable,” Sternum CEO Natali Tshuva told the news outlets in an interview.The new partnership with Sternum is more of a long-term fix. With the help of Israel-based connectivity startup Sternum, Medtronic has now secured approximately 100,000 of its devices. Sternum’s platform, unveiled this month, protects existing Internet of Things devices with a simple software update rather than a total coding rewrite.

Medtronic finished securing all affected devices earlier this month, when it noted, “To date, no cyberattack, privacy breach or patient harm has been observed or associated with these vulnerabilities.”Previously in March 2019, Medtronic disclosed potential vulnerabilities in several of its implantable cardiac devices linked to the Conexus wireless communication protocol. Though the security problems pose threats of hackers gaining access to the systems, connected monitors, or the clinical programming devices, both Medtronic and FDA insisted on contestability use of the devices.