The federal government warned that hackers can take control wirelessly of certain implanted heart devices.
The Department of Homeland Security said Medtronic's cardio defibrillators have a serious flaw. Attackers can surreptitiously take over the devices using radio communications.
Private researchers discovered the problem and notified the manufacturer two years ago, but now it is official. Hackers can kill people with the implants through radio signals.
Medtronic's defibrillators are implanted to deliver electrical shocks to treat irregular heart rhythms, which can be fatal. They are standard treatment because doctors can monitor and adjust them wirelessly without older, more invasive procedures.
However, the DHS said the devices work on a frequency that is not secure. That allows hackers within radio range to rewrite the defibrillator firmware and "impact the intended function of the device," the government said.
At a conference last year, researchers demonstrated how to hack the device. Theoretically, they could increase the number of shocks sent to a patient's heart.
They said the notified Medronics about the vulnerability in January 2017.
However, it was not the first time medical devices were found to have security issues. In 2015, the Federal Drug Administration said pacemakers, insulin pumps and other medical devices were vulnerable to hackers.
The problem has created legal liabilities for hospitals. St. Jude Medical, for example, sued over cardiac implants that were reportedly vulnerable.