Jonathan Greig reports:
The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic.
The issue – tracked as CVE-2023-31222 – carries a “critical” CVSS score of 9.8 out of 10 and affects the company’s Paceart Optima software that runs on a healthcare organization’s Windows server.
Medtronic said in an advisory that if exploited, the vulnerability allows hackers to delete, steal or modify data from a cardiac device. Hackers can also use the device’s issues to penetrate into a healthcare organization’s network.
Read more at The Record.