Implantable cardiac devices and Merlin transmitter - Cybersecurity vulnerabilities have been reported

Access to the full content of this site is available only to registered healthcare professionals. Register to read more

ISSUE: The FDA is providing information and recommendations regarding St. Jude Medical's radio frequency (RF)-enabled implantable cardiac devices and Merlin@home Transmitter to reduce the risk of patient harm due to cybersecurity vulnerabilities. The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical's Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient's physician, to remotely access a patient's RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks. 

There have been no reports of patient harm related to these cybersecurity vulnerabilities.

To improve patient safety, St. Jude Medical has developed and validated a software patch for the Merlin@home Transmitter that addresses and reduces the risk of specific cybersecurity vulnerabilities. The patch, which will be available beginning January 9, 2017, will be applied automatically to the Merlin@home Transmitter. Patients and patient caregivers only need to make sure their Merlin@home Transmitter remains plugged in and connected to the Merlin.net network to receive the patch. The FDA has reviewed St. Jude Medical's software patch to ensure that it addresses the greatest risks posed by these cybersecurity vulnerabilities, and reduces the risk of exploitation and subsequent patient harm. The FDA conducted an assessment of the benefits and risks of using the Merlin@home Transmitter, and has determined that the health benefits to patients from continued use of the device outweigh the cybersecurity risks.

The FDA will continue to assess new information concerning the cybersecurity of St. Jude Medical's implantable cardiac devices and the Merlin@home Transmitter, and will keep the public informed if the FDA's recommendations change. The FDA reminds patients, patient caregivers, and health care providers that any medical device connected to a communications network (e.g. wi-fi, public or home Internet) may have cybersecurity vulnerabilities that could be exploited by unauthorized users. The increased use of wireless technology and software in medical devices, however, can also often offer safer, more efficient, convenient and timely health care delivery. The FDA will continue its work with manufacturers and health care delivery organizations—as well as security researchers and other government agencies—to develop and implement solutions to address cybersecurity issues throughout a device's total product lifecycle. The FDA takes reports of vulnerabilities in medical devices very seriously and has issued recommendations to manufacturers for continued monitoring, reporting, and remediation of medical device cybersecurity vulnerabilities.
 
BACKGROUND: Many...

Recommended for you

  • MedWatch Drug Updates
  • 1 comment

Recall of XtraHRD Natural Male Enhancement Capsules by Organic Herbal Supply - Contains undeclared drug ingredients

Read more
  • FDA Drug Updates
  • 1 comment

FDA approves Siliq (brodalumab) for psoriasis

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Parsabiv (etelcalcetide) for hyperparathyroidism in dialysis patients

Read more
  • FDA Drug Updates
  • 1 comment

FDA approval of Emflaza (deflazacort) for duchenne muscular dystrophy

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Human chorionic gonadotropin freeze dried vials by Synergy Rx – Lack of sterility assurance

Read more
  • FDA Drug Updates
  • 1 comment

Approval of Trulance (plecanatide) for chronic idiopathic constipation

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Ibuprofen lysine injection, 20 mg /2 mL by Exela Pharma Sciences – Presence of particulate matter

Read more
  • MedWatch Drug Updates
  • 1 comment

Class I Recall of Alaris Syringe Pump Module by CareFusion – Faulty sensor may generate false alarm

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Well Balance Xanthium & Siler Combo dietary supplement by Kingsway - Contains banned ephedra alkaloids

Read more
  • MedWatch Drug Updates
  • 1 comment

Chlorhexidine gluconate - Rare but serious allergic reactions have been reported

Read more
  • FDA Drug Updates
  • 1 comment

First drug approved for treatment of spinal muscular atrophy

Read more
  • MedWatch Drug Updates
  • 1 comment

Class I Recall of Halo One Thin-Walled Guiding Sheath by Bard Peripheral Vascular

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Rubraca (rucaparib) for BRCA+ advanced ovarian cancer

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Eucrisa (crisaborole) for atopic dermatitis

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of vancomycin hydrochloride for Injection, USP by Hospira - Presence of particulate matter in vial

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Soliqua 100/33 (insulin glargine and lixisenatide) for type II diabetes

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Xultophy 100/3.6 (insulin degludec and liraglutide injection)

Read more
  • MedWatch Drug Updates
  • no comment

Class I Recall of FindrWIRZ Guidewire System by SentreHeart – Possible separation of polytetrafluoroethylene coating

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Intrarosa (prasterone) for dyspareunia

Read more
  • MedWatch Drug Updates
  • 1 comment

ED-3490TK video duodenoscope by Pentax – Recommendations update to prevent patient infection

Read more
  • MedWatch Drug Updates
  • 1 comment

Fujifilm Medical Systems has removed certain older duodenoscope models

Read more
  • FDA Drug Updates
  • 1 comment

FDA approves Tecentriq (atezolizumab) for treatment of urothelial carcinoma

Read more
  • MedWatch Drug Updates
  • 1 comment

Class I Recall of Dialog+ Hemodialysis System by B. Braun Medical due to defective conductivity sensors

Read more
  • MedWatch Drug Updates
  • 1 comment

FDA urges not to use PNC products for cancer treatment due to microbial contamination

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Nuplazid (pimavanserin) for Parkinson’s disease psychosis

Read more
  • MedWatch Drug Updates
  • 1 comment

Class I Recall of Ventricular assist device pumps by HeartWare – Loose connection may cause alarm failure

Read more
  • MedWatch Drug Updates
  • 1 comment

Implantable infusion pumps – FDA alerts about important safety precautions

Read more
  • MedWatch Drug Updates
  • 1 comment

Implantable cardiac devices and Merlin transmitter - Cybersecurity vulnerabilities have been reported

Read more
  • MedWatch Drug Updates
  • 1 comment

TAH-t Companion 2 and Freedom Driver System by SynCardia Systems – Risk of mortality and neurological adverse

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Zinplava (bezlotoxumab) for prevention of Clostridium difficile

Read more