CISA Warns Of A Vulnerability In Medtronic’s Software
CISA is warning of a severe vulnerability (rated 9.8 out of 10) in Medtronic’s Paceart Optima software, which runs on a healthcare organization’s Windows server and stores and retrieves cardiac device data from programmers and remote monitoring systems from all major cardiac device manufacturers.
Medtronic said the vulnerability is in the Paceart Optima software’s messaging service, which allows healthcare organizations to send fax, email, and pager messages within the system.
Medtronic has not seen any exploitation of the bug so far but said in a security bulletin:
“This vulnerability could result in a healthcare delivery organization’s Paceart Optima system’s cardiac device data being deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration.”
Medtronic’s security bulletin includes immediate and temporary steps for healthcare delivery organizations and encourages those affected to work with Medtronic Paceart technical support to install an update to eliminate the vulnerability.
George McGregor, VP, Approov, had this comment:
“The Optima software aggregates and displays cardiac data collected from multiple sources so a vulnerability here can have major consequences. But it is also important to evaluate the interplay of embedded devices such as insulin pumps, cardiac monitors and pacemakers and the associated mobile apps which are increasingly used to collect data and control the device. A look at medical device manufacturer security advisories seems to suggest that this can be a major attack surface which must be protected.”
Roy Akerman, Co-Founder & CEO, Rezonate, follows up with this:
“Healthcare is constantly at the forefront dealing with an expanded attack surface – as in the case of the Optima software with a vulnerable MIoT (Medical Internet of Things). As RCE can be enabled if exploited, instant patching based on guidance provided by Medtronic is advised. Most often priority is defined based on exploitability, overall risk and impact, and access, in this case, when the risk may include deadly consequences, priority should be applied for an immediate patch and monitoring.”
Given how much we now rely on tech in healthcare, issues like these should not happen. Companies need to take more care to ensure that vulnerabilities like these aren’t threats to patient care.
This entry was posted on July 6, 2023 at 8:30 am and is filed under Commentary with tags Security.