Medtronic disables internet updates for pacemaker programmers

NEW YORK (Reuters) – Medical device maker Medtronic Plc has disabled internet updates for two models of its CareLink devices that healthcare providers use to program implanted pacemakers, saying the system was vulnerable to cyber attacks.

FILE PHOTO: Massachusetts Institute of Technology researcher and graduate student Haitham Al-Hassanieh holds one of the Medtronic heart defibrillators he successfully hacked, at MIT in Cambridge, Massachusetts October 10, 2014. REUTERS/Brian Snyder/File Photo

The company said it knows of no cases where the vulnerability had been exploited by hackers in a letter sent to physicians this week, which was labeled “urgent medical device correction.”

The vulnerability “could result in harm to a patient depending on the extent and intent of a malicious cyberattack and the patient’s underlying condition,” according to the letter, which was obtained by Reuters on Thursday.

Reporting by Jim Finkle in New York; Editig by Bill Berkrot