It isn't just a TV trope. Twenty years ago, the FDA probably didn't dream it would ever have to address this sort of thing.
Today the US Food and Drug Administration (FDA) and St.Jude’s Medical issued a patch to the software of its Merlin@home Transmitter. The announcement confirmed that in this case, fact could be was stranger than fiction—or at least equally nefarious.
“The FDA has reviewed information concerning potential cyber security vulnerabilities associated with St. Jude Medical’s Merline@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient’s physician to remotely access a patient’s RF-enabled implanted cardiac device,” the FDA wrote in an advisory today.
In the words of the FDA, such cyber-intrusion “could result in rapid battery depletion and/or administration of inappropriate pacing or shocks.” The announcement made it clear that this has never happened, as far as the company and the FDA know.
The patch is being automatically sent to the device system today, the FDA said. The agency said many medical devices contain configurable embedded computer systems that can be vulnerable to intrusion.
“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cyber security vulnerabilities, some of which could affect how a medical device operates,” the FDA said.
Physicians are advised as follows:
The FDA offers the following advice for patients:
The FDA also directs consumers to St. Jude's Medical's website and service hotline, advising patients to "seek immediate medical attention if you have symptoms of lightheadedness, dizziness, loss of consciousness, chest pain, or severe shortness of breath."
The alert from the FDA is on its MedWatch site.
Cybersecurity panel: Hospitals threatened by attacks aimed at vendors
November 4th 2024Chief Healthcare Executive presents another installment from our conversation on cybersecurity, with experts from the American Hospital Association, HIMSS and Providence. They talk about breaches tied to business partners.
Cybersecurity panel: The scope of recent ransomware attacks in healthcare
October 28th 2024Chief Healthcare Executive hosted a discussion on cybersecurity with leading experts from the American Hospital Association, HIMSS and the Providence health system. They talked about the growing problem of cyberattacks.