In a cybersecurity notice the organization posted on its website, the FDA has warned that certain pacemakers, specifically the Merlin@home Transmitters made by St. Jude Medical, could potentially be hacked in which the hacker could “remotely access a patient’s RF-enabled implanted cardiac device by altering the Merlin@home Transmitter.”
The FDA also claims that this could be dangerous as it would allow hackers to modify the programming of the device. “The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks.”
The good news is that so far there has not been any reports of attacks on the device, and that St. Jude Medical has already developed a patch that should address the issue. It will be deployed on the 9th of January, 2017 and all patients need to do is ensure that the device is plugged in and connected to the Merlin.net network to receive the patch.