FDA Finds – cardiac devices can be hacked
St. Jude – FDA – Hacking Hearts
In not so shocking news the FDA has confirmed that St. Jude’s cardiac devices can be hacked.
Why this isn’t shocking?
Because any device whether it be in your chest or in your little finger, or sitting on your kitchen counter that is considered a connected device can be hacked and if it can’t be today you can bet that someone in the world is trying to find a way to hack it, so it may be hackable sooner than you think.
Today, the FDA found that St. Jude Medical’s implantable cardiac devices have vulnerabilities that could allow a hacker to access a device.
These devices, pacemakers and defibrillators happen to be used to monitor and control a patient’s heart functions and to prevent heart attacks. Once hacked, hackers could potentially issue shocks to the heart that the patient doesn’t need or administer the wrong pacing.
Which, truth be known is not really minor stuff.
This nasty little vulnerability was found in the transmitter that reads the device’s data and remotely shares it with physicians.
Naturally, hackers could control a device by accessing its transmitter.
The good news is that no one has been hurt because of this. Yet.
Not to worry because St. Jude has developed a patch to fix the vulnerabilities, patients who have devices affected by the vulnerability.
Patients who have the Merlin@home Transmitter must be plug it in and then connect it to the Merlin.net network.
This serves as a really good reminder that connected devices for life saving reasons are not even safe these days.
More planning and insurances will need to be thought about so that connected devices that are used for health reasons are developed in such a way that they will not be left vulnerable to hacking.
Cristal M Clark