You just clicked a link to go to another website. If you continue, you will leave this site and go to a site run by someone else.
Medtronic does not review or control the content on the other website, and we are not responsible for any business dealings or transactions you have there. Your use of the other site is subject to the terms of use and privacy statement on that site.
It is possible that some of the products on the other site are not approved in your country.
The content on this site may not be allowed under the laws of your country of residence. Please review the applicable healthcare laws in your country. If not allowed, please exit this site. Medtronic declines any liability as to your access to such information.
Click “Continue” to close this window and view the site’s content.
Your browser is out of date
With an updated browser, you will have a better Medtronic website experience. Update my browser now.
Medtronic, Inc. (“Medtronic”) offers RemoteView, which permits a user (“Programmer User”) of the Medtronic CareLink® 2090 Programmer (“Programmer”) to allow the viewing of information presently displayed on the Programmer screen with one or more individuals in remote locations anywhere in the world (“Remote Viewer”), including remote health care professionals or Medtronic representatives.
For a Remote Viewer to view information displayed on a Programmer, the Remote Viewer needs to install or access the Bomgar Representative Console software (“Licensed Software”). By installing or using the Licensed Software to view the Programmer screen information, registering a username and password in connection with the Medtronic RemoteView feature, or clicking on any acceptance button in connection herewith, you, a Remote Viewer, agree to be bound by all of the terms and conditions set forth in these Terms of Use (this “Agreement”).
Limited License Grant. You are hereby granted a nonexclusive, nontransferable, terminable, nonassignable, nonsublicensable, limited license to install and use a copy of the Licensed Software solely for authorized and legitimate purposes. You may not otherwise copy, use, modify, reverse engineer, decompile, disassemble, create derivative works based on, or integrate with other systems or programs the Licensed Software without the prior written consent of Medtronic. You shall have sole responsibility for any fees or charges, including service or data charges, incurred by you in connection with your use of the Licensed Software. You shall not remove any proprietary or other legend or restrictive notice contained or included in the Licensed Software or other documentation associated with such Licensed Software. You agree to maintain any and all copyright, trademark, and other notices on the Licensed Software and any associated documentation.
Licensed Software Functionality and Data Use, Collection, Viewing, and Transfer.
“Active Remote Viewer” as referred to herein shall mean a Remote Viewer that has installed the Licensed Software and has at the relevant point in time an active network connection to a Medtronic server via the Licensed Software.
By installing or using the Licensed Software or clicking any acceptance button in connection with this Agreement, you acknowledge, understand, agree to, and consent to all of the following, including when you are an Active Remoter User:
) Registration. To obtain access to the Licensed Software, you must register at the Medtronic RemoteView website and establish a user name and password. All information that you provide in connection with such registration must be complete, accurate, and truthful. The user name and password are personal to you and must not be shared with anyone else. You will also not attempt, directly or indirectly, to disable, bypass, or defeat any password protection associated with the Licensed Software. Medtronic reserves the right to deny or disable any user name or password or request for any user name or password.
) Your Personal Information. Medtronic will collect information in connection with your registration and installation and use of the Licensed Software, including your first and last name, your email address, a selected security question(s) and your corresponding answer(s), your address, and your telephone number. You agree that Medtronic may store this personal information about you on a Medtronic server, including a server located in the United States of America.
) Session Key. To view the information on the Programmer, the Remote Viewer must generate a Session Key that must be shared with and entered by the Programmer User. “Session Key” as used herein means a unique token active for a limited period of time generated by the Remote Viewer. You agree not to share this Session Key with anyone other than the Programmer User who has initiated the specific session.
) Logging of Session Activity. Each time you log in to the Licensed Software, Medtronic will collect information about your activity, including in an aggregated log or database, regarding you and your session, including your name, username, computer name, IP address, operating system details, and session details (including transferring and sharing activity, start and end times, view only or control activity, and any chat messages between or among any Active Remote Viewers. You agree that Medtronic may store any personal information about you on a Medtronic server, including a server located in the United States of America.
) Active Remote Users. When you are an Active Remote Viewer: (1) you will be able to view the name and/or user name of any other Active Remote Viewer who is logged into the same Medtronic server; and (2) any other Active Remote Viewer who is actively logged into the same Medtronic server will be able to view your name and/or user name. The Licensed Software also permits one Active Remote Viewer to share the information being viewed to any other Active Remote Viewer. You must not share any information from the Medtronic programmer, including with any other Active Remote Viewer, absent the express permission from the Programmer User that is allowing you to view the information.
) Availability. Medtronic has limitations on the number of users that can concurrently log in to the Licensed Software at any given time. Thus, installation of or accessing the Licensed Software does not guarantee that it will be available to you for use at any time.
Permissions. By installing and using the Licensed Software, you represent that you have permission to do so from any associated clinic, hospital, or medical practice and that your use of the Licensed Software complies with any policies or requirements of such associated clinic, hospital, or medical practice. You are also responsible for confirming that the Programmer User has obtained any necessary patient consent before allowing you to view any patient information via the Licensed Software.
Your Acknowledgements. You acknowledge that the Licensed Software is not the exclusive method of viewing information from the Programmer and that the Licensed Software is not the exclusive method by which to obtain a patient’s implanted cardiac device data, including any data on the Programmer. You also acknowledge that the Licensed Software is not intended to be used as a life-sustaining or interventional tool during medical emergencies. You further acknowledge that Medtronic is not, and shall not be deemed to be, a provider of patient health care services by virtue of its provision of access to the Programmer screen information via the Licensed Software. You also acknowledge that information from the Licensed Software is not an electronic medical record and use of the Licensed Software does not in any way relieve you from using your best medical judgment to determine a proper course of treatment for patients.
Security/Privacy of Patient Data. Your use of the Licensed Software and any Session Keys shall be solely for legitimate and lawful purposes and not for any malicious purpose. You are solely responsible for and will use your best efforts in maintaining the confidentiality and security of any copies of the Licensed Software as well as any user name, password credentials, and any Session Keys that can be used in accessing the Licensed Software, a Medtronic server, or any information from a Programmer. You are solely responsible for and will use your best efforts in keeping any patient information you may receive or view in connection with the Licensed Software confidential and secure, and you will not attempt to capture or copy any patient information you view in any electronic or hard copy format without the express permission of the Programmer User. You will be responsible for any obligations or liabilities associated with any lost, stolen, or otherwise compromised patient information.
Reporting Issues and Feedback. You agree that you will report any issues or questions, technical or otherwise, regarding the Licensed Software promptly and directly to Medtronic. If you submit any comments or ideas to Medtronic, in the absence of a separate agreement regarding such submissions, you grant to Medtronic an unrestricted, royalty-free, irrevocable license to use, reproduce, display, perform, modify, transmit, and distribute such ideas in any medium and agree that Medtronic is free to use them for any purpose. In addition, Medtronic has no obligation to provide continued maintenance and support to you in connection with the Licensed Software. Any maintenance and support services provided by Medtronic shall be at Medtronic’s sole discretion.
Limitations of Liability.
THE LICENSED SOFTWARE IS PROVIDED TO YOU “AS IS,” AND MEDTRONIC EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES WITH RESPECT TO THE LICENSED SOFTWARE AND YOUR USE THEREOF, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT. MEDTRONIC DOES NOT WARRANT THAT THE USE OF THE LICENSED SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE.
IN NO EVENT SHALL MEDTRONIC BE LIABLE TO YOU OR YOUR ASSOCIATED HOSPITAL, CLINIC, OR PRACTICE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ARISING IN CONNECTION WITH YOUR USE OF THE LICENSED SOFTWARE, SESSIONS KEYS, OR THESE TERMS OF USE (WHETHER IN WARRANTY, CONTRACT, TORT, OR OTHERWISE, INCLUDING NEGLIGENCE, AND EVEN IF MEDTRONIC HAS BEEN ADVISED OF THE POSSIBILITY THEREOF), INCLUDING WITHOUT LIMITATION MEDICAL EXPENSES, LOSS OF REVENUE OR PROFITS, OR DAMAGES RESULTING FROM LOSS, MISAPPROPRIATION, OR UNAUTHORIZED OR MALICIOUS ACCESS TO OR MODIFICATION OF DEVICE DATA, OR FROM MISTAKES, OMISSIONS, OR DELAYS IN TRANSMISSION OF INFORMATION, OR FROM INTERRUPTIONS IN TELECOMMUNICATIONS CONNECTIONS, VIRUSES OR FAILURES OF PERFORMANCE, OR FROM THE IMPACT OF THE USE ON YOUR SYSTEM. IN NO EVENT SHALL MEDTRONIC BE LIABLE TO YOU FOR INTERCEPTION OR COMPROMISE OF ANY INFORMATION OR FOR ANY RECORD OR OTHER COMMUNICATION PROVIDED IN CONNECTION WITH YOUR USE OF THE LICENSED SOFTWARE.
Legal Compliance. You shall at all times use the Licensed Software in compliance with all applicable laws. You shall ensure that your installation and use of the Licensed Software complies with all applicable export and import laws, regulations, orders, and policies of the United States of America and any other applicable jurisdiction. You represent and warrant that (i) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country, and (ii) you are not listed on any U.S. Government list of prohibited or restricted parties.
Term, Termination, Modifications, and Support. This Agreement shall be in effect from the date when you first install or use the Licensed Software. Medtronic may modify, amend, or terminate this Agreement at any time, including by providing notices or an updated version of this Agreement on a Medtronic website. Medtronic may modify, disable, or terminate your use or Medtronic’s support of the Licensed Software at any time, including by providing notices on a Medtronic website. All obligations which are ongoing in nature shall survive termination or expiration of this Agreement. At any time upon Medtronic’s request (including via a notice on a Medtronic website), you agree to promptly delete and terminate use of any and all copies of the Licensed Software. In addition, upon Medtronic’s request, you agree to provide written verification that you have destroyed all copies of the Licensed Software together with the manner, date, and time of such destruction.
Miscellaneous. This Agreement constitutes the entire agreement between Medtronic and you regarding your use of the Licensed Software and supersedes any prior and contemporaneous written or oral agreements or understandings related to the Licensed Software. You may not assign any of your rights or responsibilities under this Agreement without the prior written consent of Medtronic. Except as expressly provided herein, no person or entity other than Medtronic and you, including without limitation any patient, is or shall be a third party beneficiary of this Agreement or otherwise entitled to bring any action to enforce any provision of this Agreement against Medtronic or you. With regard to any purported agreement or terms of use between you and Bomgar Corporation in connection with the Licensed Software (“Bomgar EULA”): (a) any Bomgar EULA shall be solely between you and Bomgar Corporation; (b) Medtronic shall not be a party to any Bomgar EULA; (c) any Bomgar EULA shall not necessarily reflect the contents of any agreement between Bomgar Corporation and Medtronic; (d) any Bomgar EULA shall not modify or take precedence over this Agreement; and (e) nothing in this Agreement shall be construed to suggest the enforceability or unenforceability of any Bomgar EULA. This Agreement shall be governed by and interpreted, construed, and enforced in accordance with the laws of the State of Minnesota (exclusive of the choice of law rules thereof). The parties hereby expressly waive any right to a trial by jury or class treatment of any claim, demand, action, or cause of action arising out of or relating to the Licensed Software or this Agreement. In the event that any provision of this Agreement violates any applicable statute, ordinance, or rule of law, such provision shall be ineffective to the extent of such violation without invalidating any other provision of this Agreement. No provision of this Agreement may be waived except by an agreement in writing signed by the waiving party. A waiver of any terms or provisions shall not be construed as a waiver of any other term or provision.
NayaMed International Sárl Customers: Whether the RemoteView feature shall be used in connection with NayaMed customers or devices shall be solely within the discretion of NayaMed International Sárl. If the Licensed Software is used connection with NayaMed customers or devices, this Agreement shall be directly between you and NayaMed with respect to those uses.
March 21, 2019
Updated: June 3, 2021
Medtronic has released a final update to address these vulnerabilities in a subset of devices listed below.
Protecta™ Cardiac Resynchronization Therapy Defibrillator (CRT-D) and Implanted Cardiac Defibrillator (ICD), all models
Additionally, updates for Amplia MRI™ CRT-D, all models; Claria MRI™ CRT-D, all models; and Compia MRI ™ CRT-D, all models; are now available worldwide where approved by local regulators.
The complete updated advisory issued by CISA, can be found here.
To date, no cyberattack, privacy breach or patient harm has been observed or associated with these vulnerabilities. |
March 21, 2019
Updated: April 8, 2021
Medtronic has released a final update to address these vulnerabilities in a subset of devices listed below.
Protecta™ Cardiac Resynchronization Therapy Defibrillator (CRT-D) and Implanted Cardiac Defibrillator (ICD), all models
The complete updated advisory issued by CISA, can be found here.
To date, no cyberattack, privacy breach or patient harm has been observed or associated with these vulnerabilities. |
March 21, 2019
Updated: June 04, 2020
Medtronic has released an update to address these vulnerabilities in a subset of devices listed below.
Amplia MRI™ CRT-D, all models (update released in US only)
Claria MRI™ CRT-D, all models (update released in US only)
Compia MRI™ CRT-D, all models (update released in US only)
Visia AF MRI™ ICD, all models (update released worldwide)
Visia AF™ ICD, all models (update released worldwide)
To date, no cyberattack, privacy breach, or patient harm has been observed or associated with these vulnerabilities.
The complete updated advisory issued by ICS-CERT, can be found here.
Updated: January 30, 2020
Medtronic has released an update to address these vulnerabilities in a subset of the devices listed below.
Brava™ CRT-D, all models
Evera MRI™ ICD, all models
Evera™ ICD, all models
Mirro MRI™ ICD, all models
Primo MRI™ ICD, all models
Viva™ CRT-D, all models
Original Bulletin: March 21, 2019
External security researchers Peter Morgan of Clever Security and Dave Singelée and Bart Preneel of KU Leuven, Eduard Marin formerly of KU Leuven and currently with the University of Birmingham, Flavio D. Garcia, Tom Chothia of the University of Birmingham and Rik Willems of University Hospital Gasthuisberg Leuven disclosed potential cybersecurity vulnerabilities in some Medtronic products. The vulnerabilities apply to the proprietary Medtronic Conexus™ radio frequency wireless telemetry protocol (referred to “Conexus telemetry” in this document) associated with some Medtronic ICDs (implantable cardioverter defibrillators) and CRT-Ds (cardiac resynchronization therapy defibrillators). A complete list of affected products is at the end of this document.
To date, no cyberattack, privacy breach or patient harm has been observed or associated with these vulnerabilities. |
Conexus telemetry is not used in Medtronic pacemakers (including those with Bluetooth® wireless functionality). Additionally, CareLink Express monitors and the CareLink Encore programmers (Model 29901) used by some hospitals and clinics do not use Conexus telemetry.
Conexus telemetry allows Medtronic programmers and monitoring accessories to:
The vulnerabilities could allow an unauthorized individual (i.e. someone other than a health care professional) to access and potentially change the settings of an implantable device, home monitor or clinic programmer. Medtronic is conducting security checks to look for unauthorized or unusual activity that could be related to these vulnerabilities.
Taking advantage of these vulnerabilities in order to cause harm to a patient would require detailed knowledge of medical devices, wireless telemetry and electrophysiology. Exploitation is also more difficult because:
Medtronic is developing updates to mitigate these vulnerabilities. We will inform patients and physicians when they become available (subject to regulatory approvals).
Medtronic recommends that patients and physicians continue to use these devices as prescribed and intended. The benefits of remote monitoring outweigh the practical risk that these vulnerabilities could be exploited. These benefits include earlier detection of arrhythmias, fewer hospital visits and improved survival rates.
Patients with concerns about these cybersecurity vulnerabilities should discuss these concerns with their physicians.
The complete updated advisory issued by ICS-CERT can be found here.
Devices and Accessories utilizing Conexus telemetry include:
Implantable Devices
Amplia MRI™ CRT-D, all models
Brava™ CRT-D, all models
Brava™ ICD, all models
Claria MRI™ CRT-D, all models
Compia MRI™ CRT-D, all models
Concerto™ CRT-D, all models
Concerto™ II CRT-D, all models
Consulta™ CRT-D, all models
Evera MRI™ ICD, all models
Evera™ ICD, all models
Maximo™ II CRT-D and ICD, all models
Mirro MRI™ ICD, all models
Nayamed ND ICD, all models
Primo MRI™ ICD, all models
Protecta™ CRT-D and ICD, all models
Secura™ ICD, all models
Virtuoso™ ICD, all models
Virtuoso™ II ICD, all models
Visia AF MRI™ ICD, all models
Visia AF™ ICD, all models
Viva™ CRT-D, all models
Programmers and Monitors
CareLink™ 2090 Programmer
CareLink™ Monitor, model 2490C
MyCareLink™ Monitor, models 24950 and 24952
*Not all devices are approved or distributed in all geographies.
Q: What was done to address these vulnerabilities?
A: Medtronic decreased the attack surface area of the devices and reduced the window of time in which Telemetry C is active. IT security professionals may contact Medtronic cybersecurity team if they have additional questions Patient Technical Services at 855-275-2717.
As part of our ongoing vigilance, Medtronic is conducting security checks to look for unauthorized or unusual activity related to these vulnerabilities.
Q: How are these updates being implemented to patient devices?
A: A patient’s device will automatically receive the updated software during device interrogation at their next clinic visit.
Q: How do patients know if their device has been updated?
A: Patients should contact their physician to determine if their device has been updated.
Q: Why did the FDA issue a safety alert about this issue?
A: Medtronic disclosed vulnerabilities related to the proprietary wireless communication technology (Conexus telemetry) associated with certain Medtronic ICDs and CRT-Ds and programmers. We have also shared guidelines to mitigate cybersecurity risks related to Conexus telemetry.
Q: What is the practical risk to a patient?
A: Even though an unauthorized user may be able to access the Conexus telemetry, that access does not mean the unauthorized user will have the ability to control or change the settings of an implanted heart device. Fully exploiting these vulnerabilities requires comprehensive and specialized knowledge of medical devices, wireless telemetry and electrophysiology. These vulnerabilities are not accessible from the Internet.
To date, neither a cyberattack nor patient harm has been observed or associated with these vulnerabilities.
Q: What should a patient do next?
A: Medtronic recommends that patients and physicians continue to use devices as prescribed and intended. The benefits of remote monitoring outweigh the practical risk that these vulnerabilities could be exploited. The following guidelines should be used to further reduce the risk of these vulnerabilities:
Patients with concerns about these cybersecurity vulnerabilities should discuss these concerns with their physician.
US: Medtronic Patient and Technical Services is available to answer questions Monday-Friday 7am – 6pm central time at 855-275-2717.
International: Contact your local Medtronic representative.
Disclaimer: This page may include information about products that may not be available in your region or country. Please consult the approved indications for use. Content on specific Medtronic products is not intended for users in markets that do not have authorization for use.