On Monday, during a press conference, the US Food and Drug Administration, announced that the pacemakers and defibrillators produced by St. Jude’s Medical are susceptible to hacker attacks. According to the institution’s investigations, the company’s Merlin Cardiac Devices can easily be hacked due to a security vulnerability. The hackers can potentially deplete the device’s battery or render them useless.
During a press conference held on Monday, the US Food and Drug Administration confirmed that the Merlin Cardiac Devices, produced by St. Jude’s Medical, can be hacked and that the results can potentially be disastrous.
The implantable devices, which were supposed to be the crowning achievement of biotechnology, were found to a weakness in their security network. As a result, they can become susceptible to hacker attacks.
The institution said that the devices communicate with a special PC transmitter via a specific radio frequency. Therefore, anyone possessing the proper knowledge can disrupt the communication channel between the pacemaker and its transmitter and the implication are quite severe.
Hackers with access to the pacemaker can deplete its battery at a much faster rate or can instruct the device to administer a life-threatening shock. Bear in mind that the Merlin Cardiac Devices are part pacemakers and part defibrillator. This means that when the device detects an abnormal heart activity, it will automatically send an electrical shock, in an attempt to stabilize the heart.
A person who is capable of taking advantage of the device’s lax security can potentially kill him or her by tampering with the device’s functions.
Shortly after the US Food and Drug Administration said that the devices are unsafe, St. Jude’s Medical, the company which produces the Merlin cardiac devices, launched a cyber-security upgrade, aimed to fix the vulnerability.
According to the company, the pacemaker can be upgraded to the new version starting on Monday. To perform the upgrade, the pacemaker’s user must connect the device to his computer via capable and make sure that the Internet connection is active.
Although, St. Jude’s Medical declared that the new cyber-upgraded patched the vulnerability issue, the US Food and Drug Administration stated that the company failed to address six other cyber-security issues.
For the time being, the doctors and the company recommend patients that experience dizziness, short of breath, chest pain, lightheadedness, or loss of consciousness to report to their physician immediately.
Image source: St. Jude’s Medical