Implantable cardiac devices are a vital piece of medical equipment in today’s world. These devices operate inside the body to monitor and treat various heart conditions. A well-known example is the pacemaker. Many of these devices contain embedded computer systems, which can be used to program commands and automatically transmit vital data from the patient’s home to their doctor. This ability greatly improves the ability to monitor changes in the user’s condition, but it also makes them vulnerable to cybersecurity issues.
St. Jude Medical has released a software patch addressing cybersecurity issues with their radio frequency enabled devices and Merlin@home transmitter. The affected devices include pacemakers, defibrillators, and resynchronization devices prior to version 8.2.2.
There have been no reports of patient harm, but the vulnerabilities could allow an unauthorized user to alter the transmitter and access the device. If programming commands to the device are modified, it could result in rapid battery depletion or inappropriate pacing/shocks.
The software patch is available starting January 9th and the update will be automatically applied to the transmitters over the next couple of months when they are plugged in and connected to the Merlin.net network. The patch was reviewed by the FDA and it was determined that the benefits of continuing to use the device during the transition time outweigh the cybersecurity risks.
The FDA will continue to assess the situation and keep the public informed if their recommendations change. St. Jude Medical has additional software updates planned for 2017.
We hope that this information is helpful to you. If you have any questions, please feel free to contact Focal Point Research. We are industry leading Medical Device Consultants that you can trust to help guide your company in the right direction.