Implantable cardiac devices and Merlin transmitter - Cybersecurity vulnerabilities have been reported

Access to the full content of this site is available only to registered healthcare professionals. Register to read more

ISSUE: The FDA is providing information and recommendations regarding St. Jude Medical's radio frequency (RF)-enabled implantable cardiac devices and Merlin@home Transmitter to reduce the risk of patient harm due to cybersecurity vulnerabilities. The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical's Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient's physician, to remotely access a patient's RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks. 

There have been no reports of patient harm related to these cybersecurity vulnerabilities.

To improve patient safety, St. Jude Medical has developed and validated a software patch for the Merlin@home Transmitter that addresses and reduces the risk of specific cybersecurity vulnerabilities. The patch, which will be available beginning January 9, 2017, will be applied automatically to the Merlin@home Transmitter. Patients and patient caregivers only need to make sure their Merlin@home Transmitter remains plugged in and connected to the Merlin.net network to receive the patch. The FDA has reviewed St. Jude Medical's software patch to ensure that it addresses the greatest risks posed by these cybersecurity vulnerabilities, and reduces the risk of exploitation and subsequent patient harm. The FDA conducted an assessment of the benefits and risks of using the Merlin@home Transmitter, and has determined that the health benefits to patients from continued use of the device outweigh the cybersecurity risks.

The FDA will continue to assess new information concerning the cybersecurity of St. Jude Medical's implantable cardiac devices and the Merlin@home Transmitter, and will keep the public informed if the FDA's recommendations change. The FDA reminds patients, patient caregivers, and health care providers that any medical device connected to a communications network (e.g. wi-fi, public or home Internet) may have cybersecurity vulnerabilities that could be exploited by unauthorized users. The increased use of wireless technology and software in medical devices, however, can also often offer safer, more efficient, convenient and timely health care delivery. The FDA will continue its work with manufacturers and health care delivery organizations—as well as security researchers and other government agencies—to develop and implement solutions to address cybersecurity issues throughout a device's total product lifecycle. The FDA takes reports of vulnerabilities in medical devices very seriously and has issued recommendations to manufacturers for continued monitoring, reporting, and remediation of medical device cybersecurity vulnerabilities.
 
BACKGROUND: Many...

Recommended for you

  • FDA Drug Updates
  • 1 comment

FDA approved Aliqopa (copanlisib) for the treatment of relapsed follicular lymphoma

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Mvasi (bevacizumab-awwb) for the treatment of cancer

Read more
  • MedWatch Drug Updates
  • 1 comment

FDA alert: Incorrect dosing of Ocaliva (obeticholic acid) associated with increased risk of serious liver injury

Read more
  • MedWatch Drug Updates
  • 1 comment

FDA advise on use of opioid addiction medication in patients taking benzodiazipines or CNS depressants

Read more
  • MedWatch Drug Updates
  • 1 comment

FDA recommends separate dosing for Kayexalate (sodium polystyrene sulfonate) from all other oral drugs

Read more
  • MedWatch Drug Updates
  • 1 comment

Class I Recall of Intra-Aortic Balloon Pump by Datascope/MAQUET- False blood detection alarm and ingress of fluid into the pump

Read more
  • MedWatch Drug Updates
  • no comment

FDA statement on risks of unapproved use of Keytruda (pembrolizumab) for treatment of multiple myeloma

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Piyanping Anti-Itch Lotion by Lucky Mart Inc.: Contain wrong active pharmaceutical ingredient

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of VV28F Reinforced Dual Lumen ECMO Catheters by OriGen Biomedical- Extension tube may separate from hub

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Diabetes Infusion Sets by Medtronic -Vent Membrane susceptible to blocking by fluid

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Baby Organic Liquid Formula by Garden of Life: Misleading direction for use

Read more
  • FDA Drug Updates
  • 1 comment

FDA approves Besponsa (inotuzumab ozogamicin) for acute lymphoblastic leukemia

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Activase (alteplase) 100mg by Genentech due to lack of sterility assurance

Read more
  • FDA Drug Updates
  • 1 comment

New targeted treatment approved for relapsed or refractory acute myeloid leukemia

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Oxytocin compounded with either Lactated Ringers or Lactated Ringers and Dextrose by PharMEDium

Read more
  • MedWatch Drug Updates
  • 1 comment

FDA Alert- Not to use Alcohol Pads or Benzalkonium Chloride Antiseptic Towelettes by Foshan Flying Medical Products

Read more
  • MedWatch Drug Updates
  • 1 comment

Class I recall of Penumbra 3D Revascularization device by Penumbra: delivery wire may break or separate during use

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of one lot of Vancomycin Hydrochloride for Injection USP, 750 mg/vial by Hospira: Presence of particulate matter

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Doctor Manzanilla Cough & Cold and Allergy & Decongestant Relief Syrup: Contaminated with Burkholderia cepacia

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Vosevi (sofosbuvir/velpatasvir/voxilaprevir) for Hepatitis C

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Nerlynx (neratinib) for breast cancer

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Endari (L-glutamine) for sickle cell disease

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Novopen Echo Insulin Delivery Device by Novo Nordisk: Chemical exposure may damage cartridge holder

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Atar Extension Cables by Oscor- cable malfunction interrupting the pacing system

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Haegarda (C1 esterase inhibitor) for Hereditary Angioedema

Read more
  • MedWatch Drug Updates
  • 1 comment

Field Correction of system CS100, CS100i and CS300 Intra-Aortic Balloon Pumps by Datascope

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Clindamycin Injection USP ADD-Vantage vials by Alvogen: Presence of microbial growth

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of lorazepam oral concentrate, USP 2mg/mL - defect in the dropper markings

Read more
  • MedWatch Drug Updates
  • no comment

Class I recall of Zenith Alpha Thoracic Endovascular Graft by Cook Medical – thrombus may form inside the device

Read more
  • MedWatch Drug Updates
  • 1 comment

FDA safety alert: Navigational accuracy errors associated with frameless stereotaxic navigation systems

Read more