Do you have a pacemaker, or know someone who does? Approximately 3 million people rely on these tiny machines to keep their hearts beating. That’s why it was alarming to hear the news that thousands of pacemakers were vulnerable to hacks.
This past summer, a company called Muddy Waters – a private research company – discovered that pacemakers made by St. Jude Medical had some serious cybersecurity gaps.
According to the research completed by Muddy Waters, hackers could purchase and easily modify a home monitoring device called the Merlin@home (which is also manufactured by St. Jude Medical) and use it to control someone’s pacemaker remotely.
Of course, the hacked device would need to be within a 50-foot radius, but the consequences could have been devastating. If this hack were carried out, the criminals could remotely control the pacemaker, causing it to speed up, slow down, or stop altogether by draining the battery.
In response to the claims made by Muddy Waters, the FDA and DHS launched their own investigations and found what they called “potentially life-threatening” problems. A recommendation was even made that the pacemakers be recalled immediately. But, what about all of the pacemakers that had already been implanted into someone’s body?
It’s been nearly six months since pacemakers from St. Jude Medical were first identified as potential risks. However, we’re just now hearing that the company has fixed the problem.
This past week, St. Jude announced that security patches had been made for the devices. Significant updates have been released for the Merlin@home remote, which should correct the vulnerability.
So far, there have been no reported incidents, but when it comes to cybersecurity, you can never take things lightly.
If you, or someone you know, has a pacemaker, it’s a good idea see which model was used. Although the problem with the Merlin@home remote monitors has been corrected, an excerpt from St. Jude Medical’s press release proves it’s still a serious issue.
The company explained: “All medical devices using remote monitoring are exposed to the risk of a potential [cyber security] attack.”
The press release also shared that seven updates have already been issued for the Merlin@home remote monitors in an effort to keep up with the ever-changing trends in cybersecurity.
As for the latest update, St. Jude Medical confirmed it will be available and implemented immediately. Additional updates are also planned for release later this year.