Hackers and ICDs: What to Know About Today’s Medtronic Warning

Today, it was announced by the U.S. Department of Homeland Security that 750,000 implantable defibrillators manufactured by Medtronic could potentially be vulnerable to hacking.

As reported by the Minneapolis Star-Tribune, many Medtronic implantable defibrillators currently in use may contain vulnerabilities which could potentially be exploited by hackers via their use of programmer devices or bedside monitors. According to Medtronic, no such episodes have been reported and such interference is extremely unlikely because any would-be hacker would have to be within 20 feet of a patient and would also need in-depth and specialized knowledge of the device’s programming features.

Medtronic has assured patients that there is no imminent danger and it promises that the issue will be solved with a programming patch that will be forthcoming. No action is required by patients other than keeping their bedside monitors plugged in and secure in their homes. Patients should discuss any specific concerns with their physician.

You can read the notice from Homeland Security here which lists all models affected..

You can read the security bulletin issued by Medtronic here.

You can read another story about the issue from Ars Technica here.

Could St. Jude ICDs be a Target for Hackers? FDA Issues Safety Advisory

The U.S. Food and Drug Administration today issued a safety advisory regarding St. Jude Medical implantable cardiac devices used in conjunction with St. Jude’s proprietary Merlin @home Transmitter.

According to the advisory, these devices could potentially be vulnerable to hacking. However, only a highly skilled hacker would be sophisticated enough to exploit the vulnerability.  Such unwarranted interference could conceivably cause premature battery depletion or unnecessary shocks.

A software patch has been developed for the Merlin @home monitor designed to address the issue and to reduce the risk of hacking.  The update is now available and will be applied automatically to the Merlin monitor.

***Patients only need to make sure their Merlin@home Transmitter remains plugged in and connected in order to receive the software patch.***

Short-selling firm Muddy Waters first went public with this information in August, believing that it might cause a pending $25 billion acquisition of St. Jude Medical by Abbott Laboratories to fall apart. However, the deal closed last week despite the issue.

See also:

This article on Medscape

This article in the Minneapolis Star Tribune.

This article on Huffington Post.

This article on CNBC.