Some implanted cardiac defibrillators are vulnerable to hackers who could hijack the lifesaving devices and change their settings, the U.S. Food and Drug Administration is warning. Some ICDs, which are used to correct dangerously fast or irregular heartbeats, use an unencrypted wireless protocol that leave them open to malicious people who want to hack into them. The vulnerability affects more than 20 defibrillator models, monitors, and programmer units made by the company Medtronic, NBC News reports. Last week, the Cybersecurity and Infrastructure Security Agency assigned the flaw a very high vulnerability score of 9.3 out of 10. Medtronic has acknowledged the flaw, but the company and the FDA have advised doctors and patients to continue using the devices while a fix is developed, saying the devices’ therapeutic value outweighs the potential risk. No one is known to have successfully exploited the flaw, according to the FDA.
