By CS Staff · January 12, 2017
The Department of Homeland Security announced on Tuesday that a manufacturer’s heart devices could be hacked remotely.
Manufacturer St. Jude Medical made a software repair to the devices, which include implantable defibrillators and pacemakers, that will be rolled out automatically over the next few months, according to CBS News.
The software update can be implemented if patients have a device transmitter at home that is plugged in and connected to the company’s network.
The cybersecurity vulnerability was discovered by MedSec Holdings researchers months ago, and a federal investigation began in August. Officials are not aware of any evidence to indicate any patients have been injured or killed due to the flaw, although the Food and Drug Administration’s investigation is ongoing.
“Your average patient isn’t going to be targeted by assassins,” Mathew Green, an assistant professor for computer science at Johns Hopkins University, says. “An attack on this level is low probability but very high impact.”
Although all of the device vulnerabilities have not been addressed, FDA spokeswoman Angela Stark says St. Jude is working to fix the problems quickly.
Campus Safety has previously reported on medical device vulnerabilities in products made by Hospira, which is now owned by Pfizer. The FDA later strongly encouraged healthcare facilities to stop using two intravenous pump systems as a result of those problems.
St. Jude’s devices detect dangerous pumping patterns in hearts to treat irregular heart rhythms that can cause cardiac failure or arrest.