Medtronic has released updates to address known vulnerabilities in its line of connected medical devices that were initially disclosed last year and in 2018. The medical device giant has issued fixes for bugs first disclosed in 2018 and 2019. An ICS-CERT advisory last week gives the most severe of the flaws a CVSS critical severity rating of 9.3. The bugs would have allowed an attacker to remotely update the software with non-Medtronic software, causing potential harm to a patient.
Source: https://threatpost.com/medtronic-patches-implanted-device-carelink/152533/