superDimension™ Navigation SECURITY BULLETIN

January 19, 2023

Impacted products

superDimension™ navigation system and planning station version 7 (V7) family of applications including:

  • Procedure software versions: 7.0, 7.1, 7.2 
  • Planning software versions: 7.0.3, 7.0.4, 7.1

Prior versions of the superDimension™ navigation system, V6¹ and earlier, are also impacted.

Overview

The superDimension™ navigation system is used to perform electromagnetic navigation bronchoscopy procedures.  During a procedure, a physician uses the system to navigate endoscopic tools to targets in the lungs such as lymph nodes and solitary pulmonary nodules.  The system is used in two phases and has two corresponding software applications – planning and procedure. 

All versions of the superDimension™ navigation system run on Microsoft Windows operating system platforms that are no longer supported by Microsoft (Windows 7 end of support was in 2020, Windows XP end of support was in 2014). Due to the age and support status of the underlying technologies, the superDimension™ navigation system has security vulnerabilities, primarily related to the Microsoft Windows operating system, which could allow an unauthorized user to execute code on the system.

The superDimension™ navigation system hardware is not compatible with newer versions of the Windows operating system. Due to this and limited availability of replacement parts, Medtronic has communicated global end of guaranteed service (EOGS)² dates for the superDimension™ navigation system. Please contact your Medtronic sales or marketing representative for more information and alternate product options.

To date, no cyberattack, no unauthorized access to patient data, and no harm to patients has been observed with these vulnerabilities.

The majority of known vulnerabilities apply when the superDimension™ system is connected to the hospital network. In this scenario, an attacker with access to the network when the device is on could exploit these vulnerabilities and compromise the system. If this were to happen, the system may become unavailable for the procedure. Other vulnerabilities require local access to the system.

Medtronic recommends that healthcare providers continue to use these devices as intended.  However, if the superDimension™ system is currently configured to connect to a hospital network, Medtronic recommends disconnecting the superDimension™ system from the hospital network.

In all cases, Medtronic recommends special care be taken to control the physical security of the device.

If you experience any unusual or unexpected behavior from the device, please contact the Medtronic Lung Health Technical Service Hotline: 1-877-501-8737.

If you are concerned about your care delivery associated with the superDimension™ navigation system, please consult your care provider.

Additional Resources

If disconnecting a currently networked system, Medtronic recommends loading CT scans directly on the console. If a superDimension™ planning station is used, Medtronic recommends that it also be disconnected from the hospital network and that a dedicated USB be used to transfer plans between the planning station and the navigation system. Physically securing the system when not in use and using it in a disconnected/isolated manner can prevent exploitation of most known vulnerabilities.

Medtronic does NOT recommend applying Windows updates to resolve this issue as the superDimension™ system has not been validated for use with additional Windows updates.

Due to these network-related vulnerabilities, Medtronic is no longer able to support new or existing network connections with the superDimension™ navigation system or planning station.

We will continue to monitor our products for additional vulnerabilities. If any further communications are necessary, we will provide them through our established Coordinated Disclosure process.

Additionally, we will use this security matter to enhance our internal security reviews, including penetration testing and threat modeling capabilities.

For more information

For further information, including a list of vulnerabilities, please contact the Medtronic Lung Health Technical Service Hotline: 1-877-501-8737 or rs.ilstechservice@medtronic.com

Footnotes

1. Guaranteed service for V6 ended in the U.S. in December 2019.
2. End of guaranteed service is defined as the date on which Medtronic is no longer required to provide replacement parts (including software) for that product, but will continue to provide technical service, field service, and case support (by geography and worldwide).