Medical devices

Medtronic steps up cybersecurity moves

Medtronic has shut off the ability to remotely update the software on two machines that are used in doctor’s offices to program the settings on implanted pacemakers and defibrillators, expanding cybersecurity precautions that were announced earlier this year.

The global medical device company is shutting down the ability of its CareLink 2090 and CareLink Encore 29901 device programmers to download new software updates remotely. The news follows a demonstration at a cybersecurity conference in August by independent researchers who showed that the vulnerabilities in Medtronic device programmers could negatively impact patient care.

The CareLink machines are not implantable devices themselves, but rather are tools that a doctor can use in the office to adjust the settings or update the software on implanted heart devices.

The researchers said hacked software could be remotely downloaded onto the CareLink devices, and then the compromised devices could be used to push code onto an implanted pacemaker or defibrillator, allowing an attacker to make changes that could harm a patient. Such an attack has not been documented in the real world. Indeed, there has never been a documented cyberattack against any medical device that was intended to harm a patient. The documented cyberattacks that have affected health care have typically involved e-mailed “ransomware” attacks against hospitals.

This month, the Food and Drug Administration approved Medtronic’s request to do network updates that intentionally block CareLink 2090 and CareLink Encore 29901 programmers from accessing Medtronic’s “software deployment network” to receive software updates. Although there was no security update to the CareLink machines themselves, Medtronic is still working on additional security changes, an FDA alert about the changes says. Future updates to the devices will be done in person by Medtronic personnel.

“Customers should continue to use the programmers for programming, testing, and evaluating implanted devices,” Medtronic said in a bulletin. The FDA says that any medical device that connects to Wi-Fi, public or home internet networks may contain security vulnerabilities.

Joe Carlson

Health care

Mixed picture for Medicare competition

This is a big year for Minnesotans in Medicare because a popular sort of coverage known as the Medicare Cost plan is disappearing in 2019 across 66 counties. That means more than 300,000 people will be shifting coverage, setting off a big push by health insurers to win their business.

A Star Tribune analysis published last Monday showed the number of insurance offerings that are sold in Minnesota is on the rise with more Medicare Advantage and Medicare prescription drug plans in the mix. In addition, more companies have been approved to sell Medigap supplement policies, although approval doesn’t necessarily mean insurers will market the coverage.

Even so, consumers using the Medicare website and typing in most ZIP codes in Minnesota are finding fewer choices in terms of health plans — our summary term for Medicare Advantage and Medicare Cost plans — than when they searched options for 2018. Why a reduction, with all the competition?

First, while Medicare Advantage plans are on the rise, they aren’t necessarily sold in all counties, whereas Medicare Cost plans typically were available statewide. Second, insurers sold a bunch of Cost plans that didn’t include drug coverage because many beneficiaries liked to mix-and-match Cost plans with a stand-alone prescription drug plan from a different company. With Medicare Advantage, the mix-and-match approach isn’t an option. If you want Rx coverage with a Medicare Advantage plan, you buy the coverage from the same insurer as part of an integrated health plan, so there’s less of a market for non-Rx plans.

Open enrollment runs through Dec. 7.

Christopher Snowbeck

Small Business

SBA reports decline in agency-backed loans

The Minnesota office of the U.S. Small Business Administration (SBA) said SBA-backed loans to Minnesota small businesses through participating banks and other lenders declined in fiscal year ended in September.

The SBA guaranteed 1,774 loans, including real estate mortgages, valued at $609 million, compared with 2056 loans valued at $681.2 million in fiscal 2017.

The Minnesota SBA office indicated that lenders relied less on the SBA guarantee program, which requires more due diligence, as more small-business customers qualified for conventional financing as their businesses prospered in a good economy in 2017-2018.

The top lenders in Minnesota by number of loans include Wells Fargo Bank and U.S. Bank, with 130 loans each.

Nationally, the SBA in fiscal 2018 said it guaranteed $30 billion-plus through more than 72,000 approved loans.

Neal St. Anthony