Santa Clara, CAToday the US Food and Drug Administration (FDA) issued information and recommendations regarding cybersecurity vulnerabilities for St. Jude Medical's radio frequency (RF)-enabled implantable cardiac devices and Merlin@home Transmitter. The agency, while confirming there is a risk for a breach, has also noted that to date they have not received any reports of patient harm related to these cybersecurity vulnerabilities.
The concerns stem from a possible risk for the cardiac devices being remotedy accessed by an unauthorized user that is someone other than a physician. If the Merlin@home Transmitter is accessed, it could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks, according to the FDA statement.
The FDA statement notes that St. Jude Medical has developed and validated a software patch for the Merlin@home Transmitter that addresses and reduces the risk of specific cybersecurity vulnerabilities. The patch, which will be available beginning January 9, 2017, will be applied automatically to the Merlin@home Transmitter.
Patients and patient caregivers only need to make sure their Merlin@home Transmitter remains plugged in and connected to the Merlin.net network to receive the patch. Additionally, the agency stated that The St. Jude Medical's implantable cardiac devices contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits.
As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates: any medical device connected to a communications network (e.g. wi-fi, public or home Internet) may have cybersecurity vulnerabilities that could be exploited by unauthorized users.
If you or a loved one have suffered losses in this case, please click the link below and your complaint will be sent to a defective products lawyer who may evaluate your claim at no cost or obligation.