Around 3 million people rely on pacemakers to keep their hearts beating. Chances are, someone in your immediate or extended family, or even in your circle of friends, has one of these devices regulating their heart rhythms. What would happen if that device suddenly stopped working?
The results would be devastating. It's frightening enough to think about on its own, but when you add cybercrime into the mix, it gets even scarier.
We warn you about hacks and breaches on a daily basis. Those security threats typically target your smartphone, tablet or personal computer. Or, sometimes they're Facebook scams or fraudulent emails. This threat, however, takes cybercrime to a whole new level.
Muddy Waters, a private equity firm that specializes in research, recently released a report that expressed serious concerns over the safety of pacemakers manufactured by St. Jude Medical. In fact, the concerns were so significant the report even suggests that the products be "recalled and remediated."
According to Muddy Waters' research, these pacemakers are vulnerable to two types of cyberattacks that can cause the device to malfunction, drain the battery or shut off completely.
Yes, that's right. These pacemakers can be hacked. Even worse, they can be hacked fairly easily with a device also manufactured by St. Jude Medical that can be purchased for around $35 on eBay.
An individual within a 50-foot radius could easily reverse-engineer a home monitoring device called "Merlin@home" to manipulate a patient's pacemaker into speeding up, slowing down or even shutting down.
After the report was released, a medical research company named MedSec investigated further and found that the issue also extends to cardioverter defibrillators and cardiac resynchronization therapy devices.
"The vulnerabilities we discovered at St. Jude were appalling to us when compared to other medical device makers," MedSec's CEO explained.
St. Jude Medical released a statement on their website hoping to regain the confidence of the public.
The statement reads:
"Protection of confidential patient and consumer information is a high priority for us. We will remain vigilant to potential security vulnerabilities of our products and data in light of ever-increasing technological sophistication. St. Jude Medical performs security testing on our medical devices and networked equipment. We continually assess our investments in people, process and technology to protect patient safety, patient data, our medical devices and the company’s intellectual property and business information.
"Given the dynamic and changing nature of cybersecurity, we also partner with experts, others in the industry and regulators, to develop appropriate safeguards for our data and devices. Our work with a variety of firms that are experts in this area helps to develop appropriate safeguards for our data and devices. These alliances with security specialists help to make medical devices safe and serve the intended purpose of saving lives."
Insurance companies are also backing St. Jude Medical, claiming that the devices are perfectly safe. So, who should you believe?
For now, all we know is that two independent research companies are saying there's a major problem.
You may not have a pacemaker yourself, but you probably know someone who does. Patients with existing pacemakers should contact their doctors right away to see if their pacemaker was manufactured by St. Jude Medical.
This story also demonstrates the expanding threats that are becoming possible as technology advances. To hear more ways the health care industry is now vulnerable, listen to our special podcast. Press play to see how your medical records and safety could be at risk.