Wearable technology and medical devices have vulnerabilities just like anything else that is digital.
ICS-CERT recently issued an advisory about vulnerabilities in Medtronic’s MyCareLink patient heart monitors. These devices are implantable cardiac devices that transmit patients’ heart rhythms directly to a provider. The alert notes that vulnerabilities identified in the devices could be exploited by bad actors to allow the actor to access the operating system of the device. Of course, once a bad actor has access to a device, it can control the device, which could be detrimental to the patient.
The vulnerabilities are noted in all versions of Medtronic 24950 and 24952 MyCareLink Monitors. Medtronic has indicated that the risks to the monitors are controlled because a bad actor would have to have physical access to the monitor to exploit the vulnerabilities. Nonetheless, Medtronic is issuing a software update for the monitors and is urging patients to contact health care providers or Medtronic if their monitor exhibits any concerning behavior.
Not sure what that means, but apparently closely watching your monitor and confirming the software update has been applied is recommended by the manufacturer.