FDA Issues Cybersecurity Alert for St. Jude Medical ICDs

The US Food and Drug Administration (FDA) has issued recommendations regarding radio frequency (RF)-enabled implantable cardiac devices (ICD) and the [email protected] Transmitter^™ to reduce the risk of patient harm from potential cybersecurity vulnerabilities.

An unauthorized user could remotely access a patient’s RF-enabled ICD by “altering” the [email protected] Transmitter, which could then be used to modify programming commands to the ICD. Rapid battery depletion and/or inappropriate pacing or shocks could occur as a result.

St. Jude Medical, Inc. has developed a software patch for the [email protected] Transmitter, which the FDA has reviewed. To receive the patch, the transmitter simply needs to remain plugged in and connected to the Merlin.net network.

After conducting an assessment of the [email protected] Transmitter, the FDA has determined that the health benefits to patients outweigh the possible cybersecurity risks.

Patients who have symptoms of lightheadness, dizziness, loss of consciousness, chest pain, or severe shortness of breath are advised to seek immediate medical attention.

For more information, visit the FDA Safety Communication or St. Jude Medical.

Reference

Implantable cardiac devices and [email protected] transmitter by St. Jude Medical: FDA safety communication – cybersecurity vulnerabilities identified [news release]: Silver Spring, MD. US Food and Drug Administration; January 9, 2017. www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts
/ucm535979.htm. Accessed January 11, 2017.