The Food and Drug Administration (FDA) confirmed that certain implantable cardiac devices of St. Jude Medical have vulnerabilities that let the hacker access a device. The devices, such as defibrillators and pacemakers are used to control heart functions and prevent heart attacks.
The penetrable devices under FDA’s warning are the Merlin@home Transmitters made by St. Jude Medical, which is the part of the home monitor. Pacemakers and other implanted cardiac devices use a wireless RF signal to connect to the home monitor. A physician can monitor the pacemaker and patients’ health by accessing the data stored in its own cloud Merlin.net Patient Care Network. Merlin monitors can read the data stored on a pacemaker before uploading them to the cloud. FDA says, someone could hack the monitors to send modified commands to the patients’ pacemaker or other implanted device, and with the right access, could deplete the battery or administer incorrect pacing or shocks.
In August 2016, Carson Block, founder of Muddy Waters published a report saying certain St. Jude Medical’s cardiac devices could have vulnerabilities. St. Jude refused the accusation and filed lawsuit against the firm.
However, the good news is there have been no reported hacks and FDA said patients can continue to use the cardiac devices. Besides, St. Jude Medical also developed a software patch to fix the problem, which will be automatically applied to the affected Merlin@home devices over the air. All you have to do is to ensure all the devices are online and plugged in.