Implantable Cardiac Devices Threatened By Hackers, FDA Warns
Cardiac implants have saved a lot of lives across the globe. Now, the U.S. Food and Drug Administration (FDA) that implantable cardiac devices are vulnerable to online hacking.
The new advice follows a probe into a wireless data transmitter used to transmit data from cardiac devices to medical providers, Merlin@home transmitter made by St. Jude Medical, has been found to be susceptible to tampering.
According to a cybersecurity notice issued by the FDA, any online hacking on the devices poses a health risk to the users. Though there have been no reports of hacking as of the moment, the regulatory agency said that the warning isn't about pacemakers themselves, but rather the transmitters made by St. Jude Medical.
The St. Jude Medical Merlin@home Transmitted uses a home monitor that can transmit and receive RF signals used to wirelessly connect to the patient's implanted cardiac device. The transmitter, found in the patient's home, sends the data to the physician via the Merlin.net Patient Care Network using a continuous cellular, landline or wireless internet connection.
"Many medical devices including St. Jude Medical's implantable cardiac devices contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits," FDA warned in its cyber security notice.
"As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cyber security vulnerabilities, some of which could affect how a medical device operates," it added.
With a new software patch, the FDA said that the health benefits of the continued use of the device would outweigh the cybersecurity risks.
Patients using the transmitters are advised to continue their normal routine of consultations with their doctors and keep their transmitters connected to Wi-Fi so that it can automatically upgrade with the new software patches.
"The safety and security of patients are always our primary focus," Phil Ebeling, vice president and chief technology officer at St. Jude Medical, said as reported by ABC News.
"We'll continue to work with agencies, security researchers, physicians and others in the industry in a coordinated way to develop best practices and standards that further enhance the security of devices across the medical industry," he added.