September 30, 2019

Vulnerability Summary

Medtronic is aware of and is monitoring a series of cybersecurity vulnerabilities known as URGENT/11. These were publicized by Armis Security, a security services firm, over the summer. These vulnerabilities impact the networking component of VxWorks, and other widely-used embedded operating systems, to remotely access or disrupt systems. These vulnerabilities could allow an unauthorized individual to take over a vulnerable device through a network connection.

To date, no cyberattack, no unauthorized access to patient data, and no harm to patients has been observed with these vulnerabilities.

Medtronic Response

Our technical teams have assessed the situation to better understand any potential impact to our products.

To date, we have confirmed there is no impact to Medtronic products. Our product security teams are closely monitoring this evolving situation, and we will continue to take appropriate actions as circumstances dictate, including patching and additional mitigations that may become available.

Medtronic will continue to follow our established coordinated disclosure processes for any significant security vulnerabilities associated with our products or any updates associated with this vulnerability.

At Medtronic, we take cybersecurity matters seriously and have teams continuously engaged in these matters.

Additional Resources

Customers needing additional information should contact security@medtronic.com.