FDA Probe Warns St. Jude Heart Implants Vulnerable to Cyberattacks

On Monday, Federal US regulators warned that a dangerous amount of pacemakers and implantable heart defibrillators—made by St. Jude Medical—can be vulnerable to attacks from computer hackers.  Fortunately, though, they have also announced that a security patch is ready and available.

According to a safety notice published on Monday by the United States Food and Drug Administration, it is entirely possible for a hacker to break into St. Jude’s wireless communication network and remotely control the devices to change commands in any of these devices, even after they have been implanted and wired to a patient’s heart.
Now, the potential for these attacks was first introduced by an investment firm, back in August. At the time it was only alleged that such an attack could cause one of these lifesaving devices to lose battery power dramatically, for example, or give its owner inappropriate electric shocks.  Fortunately, federal officials emphasize that nobody has ever reported such a cyberattack.

The safety alert notes: “As medical devices become increasingly interconnected via the internet, hospital networks, other medical devices and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”

FDA and United States Department of Homeland Security Cybersecurity researchers have, alas, confirmed such vulnerabilities; and within nary a week Abbott Laboratories scooping up St. Jude Medical in a deal worth approximately $23 billion deal.

As such. St Jude executive (now the chief technology officer with Abbott’s cardiovascular device arm) Phil Ebeling, comments, “We’ve partnered with agencies such as the U.S. Food and Drug Administration and the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team unit and are continuously reassessing and updating our devices and systems, as appropriate.”

The FDA safety alert also adds: “Keep in mind that although all connected medical devices, including this one, carry certain risks, the FDA has determined that the benefits to patients from continued use of the device outweigh the risks.”

Finally, St Jude Medical Cyber Security Medical’s Cyber Security Medical Advisory Board chairman, Dr. Leslie Saxon, notes, “It’s increasingly important to understand how innovation and cybersecurity impact physicians and the patients we treat. We are committed to working to proactively address cybersecurity risks in medical devices while preserving the proven benefits of remote monitoring to assess patient status and device function.”