It may sound too much like a Black Mirror plotline to be true, but alas, it is. On Monday, the Food and Drug Administration warned that certain cardiac devices could be susceptible to online hacking.
The FDA’s statement said that pacemakers, defibrillators, and other heart devices produced by St. Jude Medical, a Minnesota-based medical device company, may have put patients at risk for cybersecurity concerns. While no hacking has been reported, the concern for possible tampering is high enough that the FDA is issuing warning for hacking threats.
“Many medical devices — including St. Jude Medical’s implantable cardiac devices — contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” the FDA said in a statement.
St. Jude’s devices work by being implanted in the skin and being connected to the heart via insulated wires. The device works with the Merlin@home Transmitter, which sends a patient’s information to their doctor. The FDA warns that hackers could exploit the transmitter and “modify programming commands to the implanted device.”
As medical devices become increasingly interconnected via the internet and smartphones, the FDA said there’s an increased risk that someone could hack into a heart device and gain control. In other words, someone could hack into your pacemaker and literally play with your heart and life by changing your heart rate, administering shocks, or even depleting the battery.
The FDA also said that it will continue to work with St. Jude as well as security researchers to find solutions for hacking vulnerabilities. In an email to Motherboard, St. Jude said that it would implement updates to its devices in 2017 to ensure patient safety.
Meanwhile, patients who use the transmitter are encouraged to continue a normal routine of checkups with their healthcare provider, as the FDA has determined that “the benefits to patients from continued use of the device outweigh the risks.”
Find the Original Article Here