A deadly vulnerability in a medical device: how hackers can control your heart
Attacks can stop patients from being treated and shut down vital equipment.
Vulnerability CVE-2023-31222 (CVSS: 9.8) affects a software application called Paceart Optima that runs on Windows servers in healthcare organizations. Paceart Optima is used to store and retrieve data from devices running on systems from all major medical device manufacturers.
The vulnerability allows hackers to steal, delete or change data, as well as penetrate the network of a medical organization. In addition, using this flaw, an attacker can remotely execute code on the device (Remote Code Execution, RCE) and carry out denial-of-service (DoS) attacks.
Medtronic confirmed that there is a vulnerability in the Paceart Optima messaging feature, which is not enabled by default. The equipment manufacturer urged medical facilities to contact Medtronic Paceart technical support to install the update and fix the vulnerability. The flaw affects versions 1.11 and earlier of the application, but so far no cases of its exploitation have been recorded.
Industry experts stressed that Medtronic Paceart Optima collects critical data, and any interference could seriously disrupt hospital operations and patient care. Because the vulnerability allows remote code execution on the Optima system, a skilled attacker could find ways to interfere with general device maintenance and related workflows in the hospital.
The vulnerability is noted to be very easy to exploit, which could make it useful to the extortion groups that usually target hospitals and healthcare organizations. The most likely scenario would be a ransomware group exploiting the vulnerability for both encryption and extortion after patient data is stolen. The world as a whole has seen a significant increase in the use of IoT devices, and most of those in clinical settings operate without strong passwords, which dramatically increases the risk of devices being compromised for ransom.