14 DAY TRIAL // The United States Food and Drug Administration (FDA) issued a notice today to warn that a number of pacemakers are vulnerable to hackers, with cybercriminals getting full control of the devices.
Specifically, the FDA says it’s aware that the Merlin@home transmitters manufactured by St. Jude Medical can be hijacked by hackers, who can then send various commands to the device, including to stop them or to emit shocks that would eventually kill patients.
These transmitters use a wireless RF signal to connect to home monitors or doctors’ systems and transmit data regarding cardiac activity, uploading the information to the Merlin.net Patient Care Network, where it can be closely inspected by physicians.
No attacks so far, patch needs to be deployed ASAP
Hackers can intercept the signal and get control of the pacemakers, the FDA warns, and there’s a chance that this could put patients’ lives at risk.
“The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical's Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient's physician, to remotely access a patient's RF-enabled implanted cardiac device by altering the Merlin@home Transmitter,” the FDA says in the notice.
“The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks.”
No attacks have been recorded so far, but the FDA says that St. Jude Medical has already developed a software patch, and all pacemakers need to be running it to be fully protected against the vulnerability. Available since January 9, the patch is automatically applied once the transmitter is plugged and connected to the Merlin.net network.
Although attacks after applying the patch should no longer happen, the FDA says that patients must keep an eye on their medical condition and report immediate medical attention should they experience symptoms of lightheadedness, dizziness, loss of consciousness, chest pain, or severe shortness of breath.