OTPulse

Medtronic MyCareLink Patient Monitor

MonitorCVSS 6.4ICS-CERT ICSMA-18-179-01Jun 28, 2018
Medtronic
Attack path
Attack VectorPhysical
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

The MyCareLink Monitor (models 24952 and 24950) contains vulnerabilities (CWE-259 hardcoded credentials, CWE-749 improper control of interaction frequency) that could allow privileged access to the monitor's operating system with physical access. Additionally, when operated in close proximity to implantable cardiac devices (pacemakers, defibrillators), the monitor can read and write arbitrary memory values in those devices. Medtronic has stated rolling over-the-air updates will mitigate these issues through standard automatic update processes and has increased security monitoring of affected infrastructure.

What this means
What could happen
An attacker with physical access to the MyCareLink monitor could gain privileged control of the device's operating system and read or modify memory values in nearby implantable cardiac devices, potentially altering pacemaker or defibrillator settings or stopping device operation.
Who's at risk
Healthcare organizations using Medtronic MyCareLink Patient Monitors (models 24952 and 24950) for remote monitoring of implantable cardiac devices (pacemakers and defibrillators). This affects hospital cardiac care units, outpatient cardiology clinics, and home monitoring programs that depend on these devices for patient surveillance.
How it could be exploited
An attacker would need to physically access the MyCareLink monitor and exploit hardcoded credentials or weak authentication to gain privileged access to the operating system. Once inside, they could then exploit proximity-based wireless communication with implantable cardiac devices to read or write arbitrary memory values, altering device settings or functionality.
Prerequisites
  • Physical access to the MyCareLink monitor
  • Monitor must be in close physical proximity to an implantable cardiac device (pacemaker or defibrillator) to exploit device memory
  • Knowledge of exploitation technique for hardcoded or weak credentials (CWE-259)
Hardcoded or default credentials (CWE-259)Affects safety-critical implantable medical devicesNo patch currently available for all versionsRequires physical access to exploit (moderate barrier)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
2 pending
ProductAffected VersionsFix Status
24952 MyCareLink Monitor: all versionsAll versionsNo fix yet
24950 MyCareLink Monitor: all versionsAll versionsNo fix yet
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGRestrict physical access to MyCareLink monitors to authorized clinical staff only; store devices in locked, secure locations when not in use
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXApply Medtronic over-the-air security updates when available as part of standard device update processes
HARDENINGMonitor Medtronic security advisories and patient communications for specific update timelines and guidance
Long-term hardening
0/1
HARDENINGReview and audit access logs for MyCareLink monitors to detect unauthorized physical access attempts
View full CISA ICS-CERT advisory
API: /api/v1/advisories/49ae3685-6a30-4fdd-8e4a-c7b854c3c24b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.