Medtronic 977006 Reference Guide

Pain Stimulation

SECURITY

REFERENCE GUIDE - US

System Level Diagrams: Pain Stimulation

NDHF1566-202483 version 2.0 1

Pain Stimulation

SECURITY

REFERENCE GUIDE - US

NDHF1566-202483 version 2.0 2

Pain Stimulation

SECURITY

REFERENCE GUIDE - US

FREQUENTLY ASKED QUESTIONS

1. How do I ensure my system components are secure in the environments in which they operate? Are
appropriate cybersecurity controls in place to enable secure operations?

Common Platform:

Profile restrictions: The CT900 Clinician Tablet and HH90 Handset that operate with an Android environment utilize a

Mobile Device Manager (MDM) for management of restriction profiles and the deployment of Medtronic Therapy
Applications.

Access Control: The CT900 Clinician Tablet enforces password login with minimum length and character

requirements in tandem with native Android AES-256 encryption that is used to encrypt the entire contents of the
Android device’s disk. The Handset (HH90) has optional password configuration.

Policy enforcement: To augment the security of these devices, a stringent set of restriction policies have been set in

place that are enforced by the MDM; as such, on the Handset (HH90) there is no access to the Google Play store for
the downloading of third-party applications. Although the CT900 Clinician Tablet allows access to the Google Play
store and downloading of third-party applications, the MDM prevents their execution. The applications that are
allowed to run are restricted by a combination of whitelist and blacklist profiles managed by the MDM. Enforcing
these profiles automatically permits execution of whitelisted applications (applications that are allowed to run on the
HH90 Handset and the CT900 Clinician Tablet) and blocks execution of blacklisted applications. The blacklist profile
also disables any native Android applications that are pre-installed as part of the Android default apps on the device.

Root detection is implemented at the Android Operating System layer and device rooting will be prevented
automatically. In the unlikely event of a successful root, MDM will perform a device wipe to remove all data and
Medtronic applications on the device. Refer to Question 3 and contact information at the end of this document for
recovery options.

All Medtronic Therapy Applications operate on a secure environment/secure Operating System layer protected by
anti-tampering and anti-reverse engineering capabilities that include the following: code obfuscation, resource
encryption, integrity checking, debugger detection, root detection, digital signature checks, data integrity checks,
and encrypted logs.

Pain Stimulation Therapy:

Telemetry Environment: Instructions for users for mitigating telemetry issues in environments with high

Electromagnetic Interference (EMI), such as close proximity to Radio Frequency Identification (RFID) equipment, are
provided in the pain stimulation therapy-specific patient booklets and Model 8880T2 Communicator Technical
Manual.
In noisy telemetry environments, the 8880T2 Communicator provides a wired USB connection option to connect to
the CT900 Clinician Tablet.

Secure Connection: Instructions for securely pairing the Model TM91 Communicator to the HH90 Handset and

linking to the Neurostimulator are provided in the patient user guide. When the user scans the code on the TM91
Communicator label, the A72200 MyStim Patient Programmer App calculates the correct Bluetooth Media Access

NDHF1566-202483 version 2.0 3