DHS Warns of Heart Devices’ Cybersecurity Vulnerabilities

No deaths or injuries have been reported as a result of the problem.

The Department of Homeland Security announced on Tuesday that a manufacturer’s heart devices could be hacked remotely.

Manufacturer St. Jude Medical made a software repair to the devices, which include implantable defibrillators and pacemakers, that will be rolled out automatically over the next few months, according to CBS News.

The software update can be implemented if patients have a device transmitter at home that is plugged in and connected to the company’s network.

RELATED: Healthcare Network Settles With OCR for Breach of Notification Requirements

The cybersecurity vulnerability was discovered by MedSec Holdings researchers months ago, and a federal investigation began in August. Officials are not aware of any evidence to indicate any patients have been injured or killed due to the flaw, although the Food and Drug Administration’s investigation is ongoing.

“Your average patient isn’t going to be targeted by assassins,” Mathew Green, an assistant professor for computer science at Johns Hopkins University, says. “An attack on this level is low probability but very high impact.”

Although all of the device vulnerabilities have not been addressed, FDA spokeswoman Angela Stark says St. Jude is working to fix the problems quickly.

Campus Safety has previously reported on medical device vulnerabilities in products made by Hospira, which is now owned by Pfizer. The FDA later strongly encouraged healthcare facilities to stop using two intravenous pump systems as a result of those problems.

St. Jude’s devices detect dangerous pumping patterns in hearts to treat irregular heart rhythms that can cause cardiac failure or arrest.

Read Next: Hospital Security Officer Evacuates Patients, Staff Before Gas Explosion

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Online Summit Promo Campus Safety HQ