News & Perspective
Drugs & Diseases
CME & Education
Academy
Video
Decision Point

Specialty: Multispecialty
Allergy & Immunology
Anesthesiology
Cardiology
Critical Care
Dermatology
Diabetes & Endocrinology
Emergency Medicine
Family Medicine
Gastroenterology
General Surgery
Hematology - Oncology
HIV/AIDS
Hospital Medicine
Infectious Diseases
Internal Medicine
Multispecialty
Nephrology
Neurology
Ob/Gyn & Women's Health
Oncology
Ophthalmology
Orthopedics
Pathology & Lab Medicine
Pediatrics
Plastic Surgery
Psychiatry
Public Health
Pulmonary Medicine
Radiology
Rheumatology
Transplantation
Urology
Today on Medscape
Business of Medicine
Medical Lifestyle
Science & Technology
Medical Students
Nurses
Pharmacists
Residents
Edition: English

Medscape

English
Deutsch
Español
Français
Português
UKNew

Univadis

Sign Up It's Free!
English Edition

Medscape

Univadis

    X
    Univadis from Medscape

    No Results

      Monday, December 4, 2023
      News & Perspective Drugs & Diseases CME & Education Academy Video Decision Point
      News > News Alerts > Heartwire

      FDA Offers Advice for Hacking Risks With St Jude Cardiac Devices

      Patrice Wendling

      January 09, 2017

      The US Food and Drug Administration (FDA) today issued a Safety Communication to reduce the risk of patient harm due to cybersecurity vulnerabilities associated with St Jude Medical's radio-frequency–enabled implantable cardiac devices and corresponding Merlin@home Transmitter[1].

      After months of reviewing information, the FDA confirmed there are "vulnerabilities" that if exploited could allow an unauthorized user to "remotely access a patient's RF-enabled implanted cardiac device by altering the Merlin@home Transmitter."

      The FDA said there has been no reports of patient harm related to the cybersecurity vulnerabilities but that if hacked, the "transmitter could be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate shocks."

      St Jude Medical also today released a cybersecurity software patch that will be automatically pushed to the Merlin@home Transmitter. "The update includes additional validation and verification between Merlin@home devices and Merlin.net," according to a St Jude Medical press release[2].

      Patients and their caregivers only need to make sure the transmitter remains plugged in and connected to the Merlin.net network to receive the update, the FDA notes. The agency also recommends physicians:

      • Continue to conduct in-office follow-up, per normal routine, for patients with cardiac devices monitored with the Merlin@home Transmitter.

      • Remind patients to keep their Merlin@home Transmitter connected to ensure receipt of necessary patches and updates.

      • Contact St Jude Medical's Merlin@home customer service at 877-My-Merlin or visit www.sjm.com/Merlin for additional information.

      Patients are also advised to follow labeling instructions provided with the transmitter and to consult with their physician(s) for routine care and follow-up.

      The recommendations come after months of speculation following claims in August 2016 by the San Francisco-based Muddy Waters Capital that St Jude's cardiac devices were susceptible to cyber attacks. St Jude's stock tumbled at the time, but the hacking claims did not stop last week's acquisition of St Jude, one of the world's largest device makers, by Chicago-based Abbott Laboratories.

      "The FDA conducted an assessment of the benefits and risks of using the Merlin@home Transmitter and has determined that that the health benefits to patients from continued use of the device outweigh the cybersecurity risks," the FDA report states.

      Muddy Waters was quick to respond to today's actions by the FDA and St Jude, writing in a statement, "This long-overdue acknowledgement, just days after completion of St Jude's sale to Abbott Laboratories, reaffirms our belief that the company puts profits over patients. It also reaffirms our belief that had we not gone public, St Jude would not have remediated the vulnerabilities. Regardless, the announced fixes do not appear to address many of the larger problems, including the existence of a universal code that could allow hackers to control the implants."[3]

      Follow Patrice Wendling on Twitter: @pwendl. For more from theheart.org, follow us on Twitter and Facebook.

      Comments

      3090D553-9492-4563-8681-AD288FA52ACE
      Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.

      processing....

      Feedback
      Help us make reference on Medscape the best clinical resource possible. Please use this form to submit your questions or comments on how to make this article more useful to clinicians.
      Pleasedo not use this form to submit personal or patient medical information or to report adverse drug events. You are encouraged to report adverse drug event information to the FDA.
      Find Us On
      About
      About Medscape Privacy Policy Editorial Policy Cookies Terms of Use Advertising Policy Help Center
      Membership
      Become a Member About You Professional Information Newsletters & Alerts Market Research
      App
      Medscape
      WebMD Network
      Medscape Live Events WebMD MedicineNet eMedicineHealth RxList WebMD Corporate Medscape UK
      Editions
      English Deutsch Español Français Português UK
      All material on this website is protected by copyright, Copyright © 1994-2023 by WebMD LLC. This website also contains material copyrighted by 3rd parties.