Company takes action to help safeguard heart devices from hacking

19th January 2017

A company that produces heart devices is taking action to safeguard its internal defibrillators and biventricular pacemakers from the threat of hacking.

The US Department of Homeland Security has identified worries about the cybersecurity of the St Jude Medical heart devices using a remote-monitoring system called Merlin@home, said a safety notice issued by the US Food and Drug Administration (FDA). 

St Jude Medical last week issued cyber security updates for its Merlin remote monitoring system.  It says these will reduce the risk of an unauthorised user causing harm to the devices.

The FDA said an unauthorised user could potentially cause “rapid battery depletion and/or administration of inappropriate pacing or shocks.”

But it is not thought that any malicious hacking has been committed and that no patients have knowingly been harmed.

St Jude Medical said in a press release this week: “All medical devices using remote monitoring are exposed to the risk of a potential cyber security attack. In recognition of the changing cyber security landscape and the increased public attention on highly unlikely medical device cyber risks, we are informing the public about these ongoing actions so that patients can continue to be confident about the benefits of remote monitoring.”

The company urges that device users should make sure their Merlin@home unit is plugged in and connected in order to receive the new software as well as future updates.

It urges doctors and patients with any questions to visit its website for more information.

The FDA says it has reviewed the  new software and conducted an assessment of the transmitter and has determined “that the health benefits to patients from continued use of the device outweigh the cybersecurity risks.”

For more details, see here.