• Politics
  • Diversity, equity and inclusion
  • Financial Decision Making
  • Telehealth
  • Patient Experience
  • Leadership
  • Point of Care Tools
  • Product Solutions
  • Management
  • Technology
  • Healthcare Transformation
  • Data + Technology
  • Safer Hospitals
  • Business
  • Providers in Practice
  • Mergers and Acquisitions
  • AI & Data Analytics
  • Cybersecurity
  • Interoperability & EHRs
  • Medical Devices
  • Pop Health Tech
  • Precision Medicine
  • Virtual Care
  • Health equity

Pacemakers Can Be Hacked, Manufacturer Confirms


It isn't just a TV trope. Twenty years ago, the FDA probably didn't dream it would ever have to address this sort of thing.

Today the US Food and Drug Administration (FDA) and St.Jude’s Medical issued a patch to the software of its Merlin@home Transmitter. The announcement confirmed that in this case, fact could be was stranger than fiction—or at least equally nefarious.

“The FDA has reviewed information concerning potential cyber security vulnerabilities associated with St. Jude Medical’s Merline@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient’s physician to remotely access a patient’s RF-enabled implanted cardiac device,” the FDA wrote in an advisory today.

In the words of the FDA, such cyber-intrusion “could result in rapid battery depletion and/or administration of inappropriate pacing or shocks.” The announcement made it clear that this has never happened, as far as the company and the FDA know.

The patch is being automatically sent to the device system today, the FDA said. The agency said many medical devices contain configurable embedded computer systems that can be vulnerable to intrusion.

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cyber security vulnerabilities, some of which could affect how a medical device operates,” the FDA said.

Physicians are advised as follows:

  • Continue to conduct in-office follow-up, per normal routine, with patients who have an implantable cardiac device that is monitored using the Merlin@home Transmitter.
  • Remind patients to keep their Merlin@home Transmitter connected as this will ensure that patients' devices receive the necessary patches and updates.
  • Contact St. Jude Medical's Merlin@home customer service at 1-877-My-Merlin, or visit www.sjm.com/Merlin disclaimer icon for answers to questions and additional information regarding St. Jude Medical's implantable cardiac devices, or the Merlin@home Transmitter.

The FDA offers the following advice for patients:

  • Follow the labeling instructions provided with your Merlin@home Transmitter. Keeping your monitor connected as directed will ensure your monitor receives necessary updates and patches. Keep in mind that although all connected medical devices, including this one, carry certain risks, the FDA has determined that the benefits to patients from continued use of the device outweigh the risks.
  • Consult with your physician(s) for routine care and follow-up. Your ongoing medical management should be individualized based on your medical history and clinical condition.

The FDA also directs consumers to St. Jude's Medical's website and service hotline, advising patients to "seek immediate medical attention if you have symptoms of lightheadedness, dizziness, loss of consciousness, chest pain, or severe shortness of breath."

The alert from the FDA is on its MedWatch site.

Related Videos
Image: Ron Southwick, Chief Healthcare Executive
Related Content
© 2024 MJH Life Sciences

All rights reserved.