·  Legal News, Analysis, & Commentary

News & Politics

Can Your Heart Device Be Hacked?

— January 17, 2017

Heart device users beware. The Homeland Security Department and FDA recently issued warnings about a cybersecurity flaw in one of St. Jude’s medical devices, an implantable heart device. The warning was issued upon discovering that hackers could potentially “take control of a person’s defibrillator or pacemaker” remotely. As if that’s not bad enough, this flaw was identified months ago by researchers at MedSac Holdings, a “cyber security research company that focuses on the health-care industry.” However, news of the flaw was only just “formally made public after the manufacturer, St. Jude Medical, made a software repair available Monday.”

Despite the security flaw, patients and doctors have been given the okay by the FDA to continue using the implanted heart devices, following updates. Fortunately, there have been “no reports of patients harmed by the” security flaws, and all software repairs and updates are expected to be “pushed out to St. Jude home monitors that enable doctors to track their performance” in the near future.

But how dangerous could potential hacks be? What sort of damage could a hack have on a person with one of these implanted heart devices? For starters, there are two types of hacks that can occur in devices that don’t undergo the updates and repairs being pushed out. One type of hack “could cause implanted devices to pace at potentially dangerous rates and one that drains the batteries.” Another type of hack could “administer inappropriate and dangerous shocks to a person’s heart.”

St. Jude Medical; Image Courtesy of Greenville Online,
St. Jude Medical; Image Courtesy of Greenville Online,

These dire, potentially deadly, consequences are why St. Jude’s Medical and other agencies are working hard to roll out repairs and updates. But what is the device and what does it do? Why is it so important to patients and physicians? Well, the St. Jude’s device is designed to treat “dangerous irregular heart rhythms that can cause cardiac failure or arrest.” It’s implanted “under the skin of the chest” and works to “electronically pace heartbeats and shock the heart back to its normal rhythm when dangerous pumping patterns are detected.” From there, the device’s transmitter, otherwise known as the Merlin@home Transmitter, transmits “details on the device’s performance to a website where the patient’s physician can review the information.”

While the FDA’s review into the cybersecurity flaw is ongoing, this situation does raise awareness regarding the growing “problems of cybersecurity in an increasingly networked world.” For now, however, there is no need for unnecessary panic. After all, as Matthew Green, an assistant professor of computer science at Johns Hopkins University recently said, “your average patient isn’t going to be targeted by assassins.”

For now, we can only wait and see how things will play out and hope the security updates are successful in countering the cyber security flaws that are leaving many across the country vulnerable.


Homeland Security Warns That Certain Heart Devices Can Be Hacked

St. Jude Heart Devices Get Cyber Security Updates After Probe Into Hack Vulnerability

Join the conversation!