A report issued a week ago today by the FDA has outlined Cybersecurity vulnerabilities in Cardiac Devices at St. Jude Medical Hospital. The cardiac devices referenced are usually implanted under the skin of patients who have bradycardia — a slow heartbeat — or tachycardia — a fast heartbeat. as well as those recovering from heart failure.
The FDA’s review showed that hackers could gain illicit access to the implanted cardiac devices without the physician’s knowledge and alter programmed commands. Criminals would have been able to access the devices and deplete the batteries rapidly or administer inappropriate pacing or shocks, per the report. The agency’s assessment stated “the health benefits to patients from continued use of the device outweigh the cybersecurity risks.+
Thankfully, there have been no reports of patients being negatively affected by the Cybersecurity vulnerabilities. A patch to the transmitter software was developed and sent out over the air on January 9th.
This is the first time a United States agency has acknowledged security risks to medical devices. As medical devices become more intertwined with the internet and hospital networks, resources will need to be directed to the protection and hardening of these vital services.