The Food and Drug Administration (FDA) has announced a cyber vulnerability within the St. Jude Medical radio frequency implantable cardiac device and Merlin@home Transmitter. After reviewing potential hacking threats, the FDA surmised that an unauthorized person could remotely access a patient’s implanted device by altering the Merlin@home Transmitter, thereby gaining access to modify programming commands, including the administration of inappropriate pacing or shocks.
While the FDA determined that the benefit provided to patients outweighs the risk of misuse, St. Jude Medical has developed, and the FDA has approved, a software patch that will address and reduce the risk of the vulnerability identified. The patch is available as of today and will be applied automatically to all Merlin@home Transmitters so long as they are plugged in and connected to the Merlin.net network.
Today’s announcement by the FDA demonstrates how hackers could potentially access implanted devices and cause serious harm, and even death, to a patient. As medical devices increasingly incorporate wireless technology the significance of hacking incidents rises exponentially, and networking threats and vulnerabilities will continue to be exposed. However, identifying these potential vulnerabilites in advance will assist in ensuring patient safety and mitigating potential network threats.
