St. Jude cardiac devices can be hacked the FDA confirmed it. The FDA added once hacker successfully hacked the device they could deplete the battery of input incorrect pacing or shocks.
The pacemaker and defibrillators are used to monitor and control heart function of patients. These devices could also prevent heart attacks.
A software patch was developed by St. Jude to fix the St. vulnerabilities. The said the patch will automatically be applied to affected devices starting Monday.
For the devices to receive the patch, the Merlin@home Transmitter must be plugged in and linked to the Merlin.net network.
However, there were no cases where patients were harmed as a result of the devices' vulnerability. FDA said that patients could still use St. Jude cardiac devices.
Abbot Laboratories, which recently acquired St. Jude cardiac devices in a deal worth $ 25 billion dollars, said they are working together with FDA and DHS to upgrade the security of the affected devices.
Candace Steele Flippin, a spokeswoman for Abbott told CNN in an email that as they have been doing for years they will continue to actively address cyber security risks and potential vulnerabilities and enhance our systems.
The vulnerability was found in the transmitter that reads the device's data and remotely shares it with physicians. FDA said hackers could access it's transmitter and control the device.
According to the Fox 61 News, Muddy Waters, founder Carson Block published a report claiming St. Jude's devices could be hacked and that he was sorting the stock, August 2016.
St. Jude claimed that the statement above was untrue and filed a lawsuit against the firm.
According to the Medscape, FDA conducted benefits and risk regarding the usage of Merlin@home Transmitter and has found out that the health benefits to patients of continued use of the device outweigh the cybersecurity risks.
The confirmation of the vulnerability of the St. Jude cardiac devices is a reminder that there is danger in internet connected devices. Because of this the FDA published guidance for manufacturers on how to proactively address cybersecurity risks, December.