Pacemaker hacking and Metronics “myCareLink” app vs a bedside monitor

[www.beckershospitalreview.com]

I’m posting in the Afib not general as a public service because pacemaker’s boost therapy settings can convert afib. Mine converts all the time. I want to mention a problem Metronics (PM company) is currently having.

I was very happy with my bedside monitor because the alternative communication would be to drag my cell phone with me wherever I go while the bedside monitor transmits between 12-5am while I sleep. In March I contacted Metronics for advice because I was planning a near month abroad and debating if I should bring my bulky monitor with me or use a phone app. I was told I could switch to the app but I would need to return my monitor that has my assigned serial number. Once I return from my vacation I could get sent another free monitor. Nobody told me they ran out of monitors last year and I should ignore the request and not mail it back.

This is a warning that Metronics bedside monitor has been in back order since November. I can only choose between an app or the monitor. If I order the monitor now (back order waitlist), immediately the app will be disconnected and no communication between my pacemaker and Metronics can be made (I.e schedule downloads, safety checks, event downloads) until the monitor is available. They have no clue when the monitors will be available. They can’t bend their rules and let me keep the app until I receive the monitor. I can always get my EP to order a Metronics download by having my EP request a Metronics tech to make an office visit…or I can go to the ER and have the ER order a Metronics tech to come with his wand to download. Some hospitals have the wand and Metronics software and then transmit to Metronics and wait for a fax…but who wants that bother?

So those with the Metronics app could possibly be hacked according to the above article:
“In December, the Cybersecurity and Infrastructure Security Agency warned of vulnerabilities within Medtronic's MyCareLink Smart device, which monitors pacemaker activity and sends information to clinicians.

The issue was not with the medical devices but with the remote systems used to update the devices, according to the report. A hacker could exploit the vulnerabilities and modify or fabricate data from implanted cardiac devices uploaded to the CareLink network and remotely execute code on the device to control the connected pacemaker.”

Or:
[www.wired.com]
Where they discussed bring in a live pig (with a Metronics PM) to demonstrate and kill it remotely.

If you have a Metronics monitor, don’t send it back. Don’t bother buying an used one on eBay because Metronics won’t transfer the former’s patients serial number to you. If you use the phone app-Medtronic's MyCareLink Smart device- you may the run the risk of having the hacker send unlimited commands to boost therapy (zap and risk wearing out the pacemaker battery) or ignore the settings to convert when a patient has afib. All the hacker needs is close proximity to your phone app communicating with your PM. My app transmitted 14 hours the other day. It seems to be always “processing “ according to a Metronics rep who checked my PM remotely. The monitor only transmit at night briefly by your bedside.

The whole thing about the hacking is interesting and something to be aware of in the future, but can we make it clear that there is no actual threat here? Nobody's going to try to hack your pacemaker without a major profit motive, so unless you happen to be Elon Musk or Vladimir Putin, I think you can sleep soundly.

True but serial killers don’t need motives. The app is not an equal substitute to the monitor and still a safety issue. I posted because Metronics has the opportunity to simply fix a code and they won’t. They are back ordered on their device monitors and don’t disclose it, which is a bigger problem and they have no issue denying use of the app since November until their patient’s ordered monitors arrive. They are in the business of providing a lifesaving implanted product that needs frequent safety checks and communication with the EP if something goes wrong- similar to a security monitoring service communication with 911. The cell phone app is finicky communicating most of the day and requires battery charging more frequently. The app is inferior. My iPhone has to be 3 feet away from my PM all day connected to wifi —from what I was told by Metronics today troubleshooting why my app transmission failed yesterday.

Are we talking Medtronic beside monitor and implant?. Or is Metronic a different brand.?



Edited 1 time(s). Last edit at 05/06/2022 08:10AM by JoyWin.

Metronics bedside and Metronics pacemaker implant and the Metronics phone app

Serial killers don't hack pacemakers.

There is no credible threat to anyone here. Can we make that much clear?

Ok. Move on to the back order of the monitor problem where if you place an order, your app will be disconnected and no transmission or nightly safety checks can occur until they finally get the monitor back in stock. It’s been over six months out of stock.

This is a safety issue in which the EP will not get alerts (based on his perimeter settings). My EP sets my alert notifications to high tachycardia and v-tach as an example. My EP have a lady hired in their PM clinic just to check the nightly safety checks of all their patients for serious arrhythmias. If the patient is in unknown duress or if the pacemaker fails the nightly safety check, it will be undetected by Metronics monitoring if one’s app is disconnected during the long back order. People with a Metronics implant should be aware. Thus the post.