Skip to main content

After an FDA probe, St. Jude rolls out an update fixing the Merlin@home issue

1129714 autosave v1 hackers22
St. Jude Medical stated on January 9 that it has begun deploying security updates to its Patient Care Network system. Reports surfaced in late 2016 that the Merlin@home transmitter used to monitor specific St. Jude Medical implanted devices could be hacked and potentially used to kill the patient. The implants in question span pacemakers (Assurity and Endurity) and Implantable Cardioverter Defibrillators (Ellipse and Fortify Assura).

Reports of the vulnerability prompted an investigation by the U.S. Food and Drug Administration, and a new warning about the potential hazards until the problem is resolved by St. Jude Medical. However, while the implants are radio frequency-enabled, they don’t connect directly to the internet through Wi-Fi.

Instead, they can be accessed through the Merlin@home monitor or in-office medical diagnostic equipment. The underlying problem is that the Merlin@home device does connect to the internet.

The FDA, through its investigation, confirmed that a hacker could remotely access the Merlin@home transmitter and alter the device to gain complete control. After that, the hacker could use the transmitter to silently reprogram the patient’s implant, leading to a faster battery depletion, incorrect pacing, or unnecessary shocks, depending on the implant.

“Many medical devices—including St. Jude Medical’s implantable cardiac devices—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” the FDA said on Monday. “As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”

St. Jude Medical said that it’s not aware of any cybersecurity incidents related to its devices in the United States. It’s also not aware of any specific St. Jude Medical device or system used in clinics that has been specifically targeted. And while hackers intentionally going after St. Jude Medical devices is highly unlikely, the company is making its current update public knowledge so that patients can rest assured their implants are safe from any outside modifications.

“We’ve partnered with agencies such as the U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) unit, and are continuously reassessing and updating our devices and systems, as appropriate,” said Phil Ebeling, vice president and chief technology officer at St. Jude Medical.

Patients relying on the Merlin@home service need to make sure the transmitter is plugged in and powered on, and that it’s connected to a land line or cellular service to receive the update. According to St. Jude Medical, the update includes additional “validation and verification” features for the communication between the Merlin@home transmitter and the online service. Additional updates will be distributed throughout 2017.

“The FDA has reviewed St. Jude Medical’s software patch to ensure that it addresses the greatest risks posed by these cybersecurity vulnerabilities, and reduces the risk of exploitation and subsequent patient harm,” the FDA added. “The FDA conducted an assessment of the benefits and risks of using the Merlin@home Transmitter, and has determined that the health benefits to patients from continued use of the device outweigh the cybersecurity risks.”

The Merlin@home transmitter is used to collect information from the patient’s implant, and to send the data to caregivers through the online network. In turn, physicians can keep track of the device and make necessary changes without the need for an office visit.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
ClipDart is an on-demand barber app aimed at people of color
ClipDart founder, Kyle Parker.

It’s funny how we can take certain things for granted, like haircuts. Over the course of more than 50 years of living in different cities, different neighborhoods, or even visiting different countries, not once have I ever worried about whether I could find someone who could cut my hair the way I liked. Then again, I’m white.

But if you’re a person of color, it can be an entirely different experience. That’s what Kyle Parker discovered when he left his hometown of Chicago in 2013 to attend Grinnell College in Grinnell, Iowa, population 9,031. While 24% of Grinnell College’s students identify themselves as people of color, fewer than 10% of residents of the city of Grinnell would say the same of themselves.

Read more
Circular confirms its $259 smart ring is coming to the U.S.
best wearables of ces 2022 circular ring

The Circular smart ring is finally going to be available for pre-order on Sunday, February 27, via the Circular website and will cost $259. The wearable tech will be available for presale in European countries (France, Germany, the U.K., and Italy,) the United States, Australia, Hong Kong, and Singapore. Pre-orders will go live at 1:30 p.m. ET on Sunday, February 27. Those who pre-order the smart ring should expect delivery between April and June 2022, according to a Circular press release.

Circular doesn't clarify what ring sizes will be available when presales go live, however, the company has said that seven sizes for both men and women will be available. Digital Trends has reached out for clarification on the available sizes, and will update this article when we hear back. The Circular smart ring also comes in four different colors that can be switched out with replaceable outer shells: Black, rose gold, silver, and gold.

Read more
How to take an ECG with your Apple Watch and see irregular heart notifications
ecg app apple watch

The ECG app is one of the most vital features of the Apple Watch, allowing you to see an electrocardiogram of your heart whenever you want. Along with this, the Apple Watch can notify you of irregular heart rhythms.

Read more