September 12, 2022 Welcome to the Medtronic Product Security Blog! 

This is a spot to share new and up to date information about medical device product security matters with patients, clinicians, and other healthcare security professionals.

woman with pen and laptop

Because security matters move pretty fast, this blog is intended to keep up with the dynamic nature of this topic. We’ll address key topics like:

  • Information about key security updates in the industry.
  • Developing activities that impact security of medical devices.
  • New and exciting ways that Medtronic is engaging with key stakeholders in the industry to shape tomorrow’s view on medical device security.
  • Summaries of new laws, guidance, or standards, in easy-to-understand terms.

What you WILL NOT see in this Blog:

  • Specific information about security vulnerabilities, bulletins, or disclosures. We think those communications are really important, so we already have a dedicated space on Medtronic’s website for those. Follow this link to our “Security Bulletins” page.
  • Sensitive information about specific products or services.
  • Labeling or Instructions for use, which is regulated content.

You’ve likely seen this statement before, and it’s for a good reason. As a part of our core messaging around the importance of the quality of our products, it shapes our vision and philosophy on Product Security, and it warrants repeating in the inaugural Blog Post:

At Medtronic, nothing is more important to us than the safety of our patients. Medtronic designs and manufactures our products to be as safe and secure as possible, yet accessible to the patients and physicians who depend on them.

Medical devices are potential targets of cyberattacks, and we anticipate those risks to increase and evolve over time. However, Medtronic firmly believes that the therapeutic benefits of our products far outweigh any potential security risks. We continuously monitor the ongoing security of our products and operations and take appropriate action to address vulnerabilities.

There are a lot of interested parties in medical device security. If you’re interested in this topic, we hope you’ll visit the site regularly for new perspectives. We plan to post new content regularly, but we don’t have a pre-determined schedule in mind. As interesting concepts or developments occur in the industry, with Medtronic, or with key stakeholder groups that we engage with, then we will develop a post to share that with the community.

We do have some general security content on our main website, Medtronic.com/security. It includes information about our Product Security and Information Security programs. You will also find our previously published Security Bulletins and our Outstanding Research Contributors, which is our way to recognize researchers who have positively impacted product security at Medtronic. You will also find our Coordinated Disclosure Process.

If you are a security researcher or think you have found a security issue with one of our products, then we want to know about that, please visit this link to see how to get in touch with us, you can also send us an e-mail at security@medtronic.com.

A final note on this blog, security is a “team sport.” We know that we have many valuable contributors that continue to help evolve this topic, both inside and outside of Medtronic. The primary focus for this Blog will be to communicate critical items that we think highlight the work around product security in the medical device space, and how Medtronic is helping to shape its future to ensure safe and secure products for patients and clinicians.