Implantable cardiac devices and Merlin transmitter - Cybersecurity vulnerabilities have been reported

Access to the full content of this site is available only to registered healthcare professionals. Register to read more

ISSUE: The FDA is providing information and recommendations regarding St. Jude Medical's radio frequency (RF)-enabled implantable cardiac devices and Merlin@home Transmitter to reduce the risk of patient harm due to cybersecurity vulnerabilities. The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical's Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient's physician, to remotely access a patient's RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks. 

There have been no reports of patient harm related to these cybersecurity vulnerabilities.

To improve patient safety, St. Jude Medical has developed and validated a software patch for the Merlin@home Transmitter that addresses and reduces the risk of specific cybersecurity vulnerabilities. The patch, which will be available beginning January 9, 2017, will be applied automatically to the Merlin@home Transmitter. Patients and patient caregivers only need to make sure their Merlin@home Transmitter remains plugged in and connected to the Merlin.net network to receive the patch. The FDA has reviewed St. Jude Medical's software patch to ensure that it addresses the greatest risks posed by these cybersecurity vulnerabilities, and reduces the risk of exploitation and subsequent patient harm. The FDA conducted an assessment of the benefits and risks of using the Merlin@home Transmitter, and has determined that the health benefits to patients from continued use of the device outweigh the cybersecurity risks.

The FDA will continue to assess new information concerning the cybersecurity of St. Jude Medical's implantable cardiac devices and the Merlin@home Transmitter, and will keep the public informed if the FDA's recommendations change. The FDA reminds patients, patient caregivers, and health care providers that any medical device connected to a communications network (e.g. wi-fi, public or home Internet) may have cybersecurity vulnerabilities that could be exploited by unauthorized users. The increased use of wireless technology and software in medical devices, however, can also often offer safer, more efficient, convenient and timely health care delivery. The FDA will continue its work with manufacturers and health care delivery organizations—as well as security researchers and other government agencies—to develop and implement solutions to address cybersecurity issues throughout a device's total product lifecycle. The FDA takes reports of vulnerabilities in medical devices very seriously and has issued recommendations to manufacturers for continued monitoring, reporting, and remediation of medical device cybersecurity vulnerabilities.
 
BACKGROUND: Many...

Recommended for you

  • MedWatch Drug Updates
  • no comment

Drug safety alert: Canagliflozin (Invokana, Invokamet) may increase the risk of leg and foot amputations

Read more
  • MedWatch Drug Updates
  • 1 comment

Class I Recall of HeartMate II LVAS Pocket System Controller by Abbott-Thoratec- Controller malfunction after exchange

Read more
  • MedWatch Drug Updates
  • 1 comment

Class I Recall of V60 Non-invasive ventilator by Respironics- Unexpected stop in ventilation therapy

Read more
  • MedWatch Drug Updates
  • no comment

Gadolinium-based contrast agent for MRI- No adverse effects reported with gadolinium retention in the brain

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Tri-Ton by Dynamic Technical Formulations LLC- Presence of unapproved drug andarine and ostarine

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Radicava (edaravone) for amyotrophic lateral sclerosis

Read more
  • MedWatch Drug Updates
  • 1 comment

Use of Medtronic’s NavLock Tracker with non-Medtronic instruments can cause spinal injury or death

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Rydapt (midostaurin) for acute myeloid leukemia

Read more
  • MedWatch Drug Updates
  • 1 comment

Safety alert against LeadCare Testing Systems by Magellan Diagnostics due to inaccurate test results

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Brineura (cerliponase alfa) for Batten disease

Read more
  • FDA Drug Updates
  • 1 comment

FDA expands approved use of Stivarga (regorafinib) for liver cancer

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Coronary Catheters by Abbott due to difficulty in removing the protective balloon sheath

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of 25% Dextrose Injection, USP, (Infant) by Hospira- Presence of particulate matter

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Ingrezza (valbenazine) for tardive dyskinesia

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of GEC Laxoplex dietary supplement by Genetic Edge Compounds- Contaminated with anabolic steroids

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Ocrevus (ocrelizumab) for multiple sclerosis

Read more
  • FDA Drug Updates
  • no comment

FDA approved Zejula (niraparib) for recurrent epithelial ovarian, fallopian tube or primary peritoneal cancer

Read more
  • FDA Drug Updates
  • 1 comment

FDA approves Dupixent (dupilumab) for atopic dermatitis

Read more
  • MedWatch Drug Updates
  • 1 comment

Class I Recall of ventricular assist device controllers and DC adapter by Medtronic Mechanical Circulatory Support

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Bavencio (avelumab) for Merkel cell carcinoma

Read more
  • MedWatch Drug Updates
  • no comment

Recall of the Wingman35 Crossing Catheters by ReFlow Medical- Tip splitting resulted in adverse events

Read more
  • FDA Drug Updates
  • no comment

FDA approved Xadago (safinamide) for Parkinson’s disease

Read more
  • MedWatch Drug Updates
  • 1 comment

Drug safety alert: New warning on use of anesthetic/sedation drugs in young children, pregnant women

Read more
  • MedWatch Drug Updates
  • 1 comment

FDA warning- Illegal selling of products that fraudulently claim to prevent, diagnose, treat or cure cancer

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Odactra for house dust mite allergies

Read more
  • FDA Drug Updates
  • 1 comment

Approval of Xermelo (telotristat ethyl) for carcinoid syndrome diarrhea

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Phenobarbital tablets, USP, 15 mg by C.O. Truxton- Mislabeling with incorrect strength

Read more
  • MedWatch Drug Updates
  • 1 comment

FDA restricts use of codeine and tramadol in children and breastfeeding women-Risk of serious adverse reactions

Read more
  • FDA Drug Updates
  • 1 comment

FDA approves Siliq (brodalumab) for psoriasis

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Parsabiv (etelcalcetide) for hyperparathyroidism in dialysis patients

Read more