Recent Cybersecurity News

For further information, please contact

BIOTRONIK Statement on CardioMessenger II Cybersecurity
June 19, 2020

In October 2019, researchers at SINTEF provided a report to BIOTRONIK describing potential cybersecurity concerns associated with CardioMessenger II devices, which are no longer available on the market. We would like to reassure patients, healthcare providers and physicians that these devices are safe and can continue to be used as intended.

BIOTRONIK Statement on “SweynTooth” Cybersecurity Vulnerabilities
March 4, 2020

The US FDA has issued a Safety Communication regarding a family of cybersecurity vulnerabilities known as SweynTooth, which may introduce risks for certain medical devices that use Bluetooth Low Energy (BLE) wireless communication technology. BIOTRONIK’s medical devices, systems and networks do not use BLE technology and are therefore not affected by the SweynTooth vulnerabilities.

BIOTRONIK Statement on the FDA’s Safety Communication “URGENT/11”
October 4, 2019

The US FDA issued a Safety Communication regarding a set of cybersecurity vulnerabilities, referred to as “Urgent/11,” that, if exploited by a remote attacker, may introduce risks for medical devices and hospital networks. These vulnerabilities exist in a third-party software component known as IPnet, which supports network communications between computers. BIOTRONIK’s medical devices, systems and networks do not incorporate IPnet and are therefore not affected by these vulnerabilities.

BIOTRONIK Statement on the Publication ‘Security Testing of the Pacemaker Ecosystem’
August 12, 2019

The work ‘Security Testing of the Pacemaker Ecosystem’ was recently published as a master’s thesis. This publication investigates the state of cybersecurity of BIOTRONIK’s ICS 3000 programmer. The central thesis of this publication is based on programmer software and not the programmer hardware. The authors inspected the programmer software PSW 1004.U which was released in February 2011. Since the publication inspects outdated, eight-year-old software, cybersecurity measures implemented after 2011 are not considered.

BIOTRONIK Statement on the Medical Advisory and Safety Communication Regarding Medtronic’s Conexus Radio Frequency Telemetry Protocol
March 22, 2019

On March 21, 2019, the Department of Homeland Security and the US FDA issued a Medical Advisory and a Safety Communication, respectively, describing two types of cybersecurity vulnerabilities affecting multiple Medtronic devices that utilize the Conexus telemetry protocol. BIOTRONIK utilizes substantially different protocols for both the clinical and the home environment. Moreover, by design, the remote communication system via BIOTRONIK Home Monitoring does not have the functionality to transmit or alter therapeutic commands to the implant.

BIOTRONIK Statement on the Cybersecurity Updates Affecting Medtronic Implantable Cardiac Device Programmers
October 18, 2018

On October 11, the US Food and Drug Administration (FDA) issued a Safety Communication regarding cybersecurity updates affecting Medtronic implantable cardiac device programmers, based on an NCCIC Advisory. The FDA’s Safety Communication refers to several vulnerabilities in Medtronic’s implantable cardiac device programmers. None of BIOTRONIK’s devices, programmers or networks are affected by these cybersecurity vulnerabilities or the corrective measures that have been subsequently taken. Neither are any corrective measures necessary for BIOTRONIK’s devices.


Statement on the Cybersecurity of BIOTRONIK Solutions Following WIRED Magazine’s Article on Vulnerabilities in Pacemaker Programmer Systems
August 17, 2018

On August 9, WIRED magazine reported that researchers discovered cybersecurity vulnerabilities in the way pacemaker programmers connected to the software delivery network of a specified manufacturer. The researchers claim that “digital code signing”—the cryptographic validation of the legitimacy and integrity of software—is lacking in the manufacturer’s infrastructure, allowing an attacker to potentially take control of device programmers through malicious updates that can subsequently be spread to implanted pacemakers.