Security researchers say they’ve found flaws in the Medtronic pacemaker that leaves the life-saving device vulnerable to hackers and puts patients at risk.
Billy Rios and Jonathan Butts say they’ve found vulnerabilities that compromise the pacemaker’s programmer, which can control the electrical impulses that are sent to the heart to regulate a patient’s heartbeat. There are about 33,000 of these programmers in use—called the CareLink 2090.
Rios and Butts demonstrated the security weaknesses earlier this month at the annual Black Hat cyber security conference in Las Vegas, one of the industry’s most prestigious annual meetings.
Rios, who founded a startup focused on embedded device security called WhiteScope, says he presented his research publicly because he is frustrated by what he calls Medtronic’s slow response to addressing and fixing these flaws.
“They are more interested in protecting their brand than their patients,” Rios told CNBC, noting that the technical fix for these vulnerabilities is relatively easy.
For its part, the medical device company says the likelihood of a successful cyber attack is low, and that the company is not aware of any security breaches involving patients with its medical devices.
“All medical devices carry some associated risk, and, like the regulators, we continuously strive to balance the risks against the benefits our devices provide,” Medtronic said in a statement.