Implantable cardiac devices and Merlin transmitter - Cybersecurity vulnerabilities have been reported

Access to the full content of this site is available only to registered healthcare professionals. Register to read more

ISSUE: The FDA is providing information and recommendations regarding St. Jude Medical's radio frequency (RF)-enabled implantable cardiac devices and Merlin@home Transmitter to reduce the risk of patient harm due to cybersecurity vulnerabilities. The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical's Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient's physician, to remotely access a patient's RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks. 

There have been no reports of patient harm related to these cybersecurity vulnerabilities.

To improve patient safety, St. Jude Medical has developed and validated a software patch for the Merlin@home Transmitter that addresses and reduces the risk of specific cybersecurity vulnerabilities. The patch, which will be available beginning January 9, 2017, will be applied automatically to the Merlin@home Transmitter. Patients and patient caregivers only need to make sure their Merlin@home Transmitter remains plugged in and connected to the Merlin.net network to receive the patch. The FDA has reviewed St. Jude Medical's software patch to ensure that it addresses the greatest risks posed by these cybersecurity vulnerabilities, and reduces the risk of exploitation and subsequent patient harm. The FDA conducted an assessment of the benefits and risks of using the Merlin@home Transmitter, and has determined that the health benefits to patients from continued use of the device outweigh the cybersecurity risks.

The FDA will continue to assess new information concerning the cybersecurity of St. Jude Medical's implantable cardiac devices and the Merlin@home Transmitter, and will keep the public informed if the FDA's recommendations change. The FDA reminds patients, patient caregivers, and health care providers that any medical device connected to a communications network (e.g. wi-fi, public or home Internet) may have cybersecurity vulnerabilities that could be exploited by unauthorized users. The increased use of wireless technology and software in medical devices, however, can also often offer safer, more efficient, convenient and timely health care delivery. The FDA will continue its work with manufacturers and health care delivery organizations—as well as security researchers and other government agencies—to develop and implement solutions to address cybersecurity issues throughout a device's total product lifecycle. The FDA takes reports of vulnerabilities in medical devices very seriously and has issued recommendations to manufacturers for continued monitoring, reporting, and remediation of medical device cybersecurity vulnerabilities.
 
BACKGROUND: Many...

Recommended for you

  • MedWatch Drug Updates
  • 1 comment

Class I recall of Penumbra 3D Revascularization device by Penumbra: delivery wire may break or separate during use

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of ED-530XT duodenoscopes by Fujifilm- Updated device design and labeling

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Vosevi (sofosbuvir/velpatasvir/voxilaprevir) for Hepatitis C

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Nerlynx (neratinib) for breast cancer

Read more
  • FDA Drug Updates
  • no comment

FDA approved Endari (L-glutamine) for sickle cell disease

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Atar Extension Cables by Oscor- cable malfunction interrupting the pacing system

Read more
  • MedWatch Drug Updates
  • no comment

Recall of Novopen Echo Insulin Delivery Device by Novo Nordisk: Chemical exposure may damage cartridge holder

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Haegarda (C1 esterase inhibitor) for Hereditary Angioedema

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Sten Z and M1 Alpha capsules by Andropharm: Contains anabolic steroids

Read more
  • MedWatch Drug Updates
  • 1 comment

Field Correction of system CS100, CS100i and CS300 Intra-Aortic Balloon Pumps by Datascope

Read more
  • MedWatch Drug Updates
  • no comment

Recall of Clindamycin Injection USP ADD-Vantage vials by Alvogen: Presence of microbial growth

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Nitroglycerin Injection in 5% Dextrose USP by Advanced Pharma due to sub-potency

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Paliperidone Extended-Release tablets, 3mg by Teva Pharmaceuticals due to failure of dissolution test

Read more
  • MedWatch Drug Updates
  • 1 comment

FDA safety alert: Navigational accuracy errors associated with frameless stereotaxic navigation systems

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of one lot Eliquis 5 mg tablets by Bristol-Myers Squibb- Contain product of incorrect strength

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of topical products by Phillips Company- Improper manufacturing practices affecting product's quality

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Ultra-Sten and D-Zine capsules by Hardcore Formulations: Contains anabolic steroids

Read more
  • MedWatch Drug Updates
  • 1 comment

Drug safety alert: Canagliflozin (Invokana, Invokamet) may increase the risk of leg and foot amputations

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Potassium Phosphate and Succinylcholine Chloride by PharMEDium Services: Presence of microbial growth

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Succinylcholine Chloride 20mg/mL 5mL syringe by Fagron Sterile Services - Lack of sterility assurance

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Radicava (edaravone) for amyotrophic lateral sclerosis

Read more
  • MedWatch Drug Updates
  • 1 comment

Use of Medtronic’s NavLock Tracker with non-Medtronic instruments can cause spinal injury or death

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Rydapt (midostaurin) for acute myeloid leukemia

Read more
  • MedWatch Drug Updates
  • no comment

Recall of Potassium Phosphate and Succinylcholine Chloride by Advanced Pharma - Presence of microbial growth

Read more
  • FDA Drug Updates
  • 1 comment

FDA expands approved use of Stivarga (regorafinib) for liver cancer

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Brineura (cerliponase alfa) for Batten disease

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of Venture catheters by Vascular Solutions- Catheter tip may split or separate during use

Read more
  • MedWatch Drug Updates
  • 1 comment

Recall of 25% Dextrose Injection, USP, (Infant) by Hospira- Presence of particulate matter

Read more
  • FDA Drug Updates
  • no comment

FDA approved Ingrezza (valbenazine) for tardive dyskinesia

Read more
  • FDA Drug Updates
  • 1 comment

FDA approved Ocrevus (ocrelizumab) for multiple sclerosis

Read more