Endpoint/Device Security

CISA: Medtronic data storage system impacted by critical bug

Healthcare organizations across the U.S. have been warned by the Cybersecurity and Infrastructure Security Agency regarding a critical vulnerability in Medtronic's Paceart Optima cardiac device data storage system, reports The Record, a news site by cybersecurity firm Recorded Future. Threat actors could leverage the flaw, tracked as CVE-2023-31222, to facilitate cardiac device data modification, deletion, and exfiltration, as well as enable remote code execution and denial-of-service attacks but there has been no evidence so far suggesting active exploitation of the bug, said Medtronic. "Healthcare delivery organizations should work with Medtronic Paceart technical support to install an update to the Paceart Optima application to eliminate this vulnerability from the Paceart Application Server," Medtronic added. Phosphorus Vice President Sonu Shankar emphasized the severity of the vulnerability, which could be used to impact not only cardiac devices but also related hospital workflows to enable patient data encryption and extortion activities. Such a flaw should also prompt medical device manufacturers to proactively address security issues, according to GuidePoint Security Operational Technology Consultant Christopher Warner.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.