Healthcare Information Security

Cybersecurity News

Medtronic Ventilator Recalled by FDA for Software Update

The voluntary corrective action for Medtronic Puritan Bennett 980 ventilators addresses customer feedback that found the USB drive impacted the GUI function and display.

FDA alert around Medtronic device vulnerability

By Jessica Davis

- The Food and Drug Administration released an alert about a global voluntary corrective field action on Medtronic’s Puritan Bennett 980 ventilators. The action was announced this week and began on September 19.

The FDA classified the action as a “Class I Recall.”

According to the alert, the ventilator software requires an update to address customer feedback. Without the update, the USB drive performance impacts the Graphical User Interface functionality and the displayed label on the GUI when the ventilator is in use.

The software update will also include other product enhancements, officials explained. Medtronic is currently updating all PB980 ventilators with this software upgrade at customer facilities. The operator’s manual has been updated with these changes.

Medtronic advised customers that the ventilators can continue to be used before the update is installed. Further, the vendor hasn’t received any reports about serious adverse health consequences caused by the issue.

This is the second alert about a Medtronic device this month. The Department of Homeland Security found vulnerabilities in three Medtronic programmers, which failed to encrypt the protected health information or personally identifiable data stored on the device.

Medtronic has released several updates throughout the year to shore up the security of its devices. In August, DHS flagged several flaws found in a Medtronic patient monitor and insulin pump that could expose patient data to attackers.

That same month, two security researchers blasted Medtronic’s delayed response to some of these medical device flaws at the Black Hat Security Summit.

Since the FDA released its medical device cybersecurity guidance in 2016, device manufacturers reported 400 percent more vulnerabilities per quarter, according to Medcrypt research.

The increase highlights manufacturers moving to address cybersecurity flaws in legacy medical devices, which have remained a top concern for health organizations in recent years. It also points to a sign of growing compliance with FDA rules and a maturity in risk assessments.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...