After an FDA probe, St. Jude rolls out an update fixing the Merlin@home issue

1129714 autosave v1 hackers22
Shutterstock
St. Jude Medical stated on January 9 that it has begun deploying security updates to its Merlin.net Patient Care Network system. Reports surfaced in late 2016 that the Merlin@home transmitter used to monitor specific St. Jude Medical implanted devices could be hacked and potentially used to kill the patient. The implants in question span pacemakers (Assurity and Endurity) and Implantable Cardioverter Defibrillators (Ellipse and Fortify Assura).

Reports of the vulnerability prompted an investigation by the U.S. Food and Drug Administration, and a new warning about the potential hazards until the problem is resolved by St. Jude Medical. However, while the implants are radio frequency-enabled, they don’t connect directly to the internet through Wi-Fi.

Instead, they can be accessed through the Merlin@home monitor or in-office medical diagnostic equipment. The underlying problem is that the Merlin@home device does connect to the internet.

The FDA, through its investigation, confirmed that a hacker could remotely access the Merlin@home transmitter and alter the device to gain complete control. After that, the hacker could use the transmitter to silently reprogram the patient’s implant, leading to a faster battery depletion, incorrect pacing, or unnecessary shocks, depending on the implant.

“Many medical devices—including St. Jude Medical’s implantable cardiac devices—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” the FDA said on Monday. “As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”

St. Jude Medical said that it’s not aware of any cybersecurity incidents related to its devices in the United States. It’s also not aware of any specific St. Jude Medical device or system used in clinics that has been specifically targeted. And while hackers intentionally going after St. Jude Medical devices is highly unlikely, the company is making its current update public knowledge so that patients can rest assured their implants are safe from any outside modifications.

“We’ve partnered with agencies such as the U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) unit, and are continuously reassessing and updating our devices and systems, as appropriate,” said Phil Ebeling, vice president and chief technology officer at St. Jude Medical.

Patients relying on the Merlin@home service need to make sure the transmitter is plugged in and powered on, and that it’s connected to a land line or cellular service to receive the update. According to St. Jude Medical, the update includes additional “validation and verification” features for the communication between the Merlin@home transmitter and the Merlin.net online service. Additional updates will be distributed throughout 2017.

“The FDA has reviewed St. Jude Medical’s software patch to ensure that it addresses the greatest risks posed by these cybersecurity vulnerabilities, and reduces the risk of exploitation and subsequent patient harm,” the FDA added. “The FDA conducted an assessment of the benefits and risks of using the Merlin@home Transmitter, and has determined that the health benefits to patients from continued use of the device outweigh the cybersecurity risks.”

The Merlin@home transmitter is used to collect information from the patient’s implant, and to send the data to caregivers through the online Merlin.net network. In turn, physicians can keep track of the device and make necessary changes without the need for an office visit.

Product Review

4K and 144Hz? Yup, the Acer Predator XB3 will max out your gaming PC

The Predator XB3 isn’t for the faint of heart. But if you have a system that can push over 100 frames per second in 4K screen resolution, this monster of a monitor might be the perfect match for your overpowered gaming rig.
Emerging Tech

Researchers gave alligators headphones and ketamine, and all for a good cause

Researchers in Germany and the United States recently gave ketamine and earphones to alligators to monitor how they process sounds. Here's what it reveals about alligator evolution.
Computing

Here are the best affordable monitors for your budget desktop

Looking for the best budget monitors? These monitors are affordable, but still provide the features you need for gaming, work, home or other plans! Take a look at the displays and your wallet will thank you.
Computing

The Unevn One is a portable desk that brings PC gaming on the road

Bringing a gaming PC outside your usual setup can be a challenge, but the Unevn One is the first all-in-one, portable gaming desk complete with a computer chassis and integrated monitor mount.
Health & Fitness

AncestryDNA price drop makes it more affordable to discover your family origins

In step with St. Patrick's Day's emphasis on roots, AncestryDNA cut its price for a DNA-based ancestry search by $40. Send in a saliva sample to receive an estimated ethnicity breakdown, locations of origin, and possible living relatives.
Deals

Bowflex’s spring sale has limited-time deals on treadmills, home gyms, and more

Gyms membership are expensive which is home gyms are a great alternative. When it comes to home gyms, Bowflex designs great fitness training equipment for your home so you can get the full gym experience. Right now Bowflex is offering huge…
Deals

This Bowflex promo code will save you up to $1,000 on training equipment

The Bowflex HVT machine is designed to fit anyone's needs. Whether you're getting back into shape or you train every day, Bowflex's HVT, which stands for hybrid velocity training, combines both cardio and working out in one machine. Now you…
Gaming

Sony could use a robot to turn your PlayStation into a fitness machine

Sony submitted a patent application for a robotic device equipped with a camera to assist in your workout. The images included suggest that the device will work with your PlayStation console.
Deals

Stay fit and save cash with our top 10 affordable Fitbit alternatives

As much as we love Fitbits, they're rather expensive. If all you want is a simple activity tracker, however, then check out these great cheap Fitbit alternatives. With offerings from brands like Garmin, you don't need to pay full price.
Outdoors

Yamaha’s Wabash ebike takes on gravel, single track, and more

The Wabash gravel ebike from Yamaha gives riders a versatile and powerful option for riding trails, pavement, mud, sand, dirt, and more, with plenty of range and power for all-day adventures.
Mobile

Even older Apple Watches could be effective at spotting heart conditions

The Apple Watch Series 4 is known for detecting heart conditions like atrial fibrillation thanks to having an electrocardiograph feature. It turns out that older Apple Watches could be effective at tracking AFib, too.
Health & Fitness

Under Armour HOVR is more than a running shoe, it’s a fitness tracker

Under Armour HOVR running shoes bring more to the table than just a comfortable fit. With UA's Record Sensor technology, you can track distance, duration, and even the path you take as you run.
Outdoors

Trek’s new bike helmet is 48 times safer than the one you’re wearing

Trek and Bontrager have taken the wraps off of a new cycling helmet that uses WaveCel technology to dramatically reduce head injuries by dispersing the impact in a way that is 48 times safer than current helmets.
Emerging Tech

Inflating smart pills could be a painless alternative to injections

Could an inflating pill containing hidden microneedles replace painful injections? The creators of the RaniPill robotic capsule think so — and they have the human trials to prove it.