Hackers May Hack Into St. Jude’s Pacemakers & Defibrillators To Deliver Damaging Shock To The Heart, Warns Homeland Security

Abbott Laboratories’ St. Jude devices are known for treating dangerous uneven heart beats that can lead to cardiac arrest and even cardiac failure. However, in a shocking report by the Homeland Security Department on Tuesday, it was revealed that an unusual cybersecurity flaw in the devices may allow hackers to remotely control the pacemakers and defibrillators. This has come as a shock to many even though no cases of hacking have been reported.

Cybersecurity research company MedSec, that focuses on the healthcare industry, identified the security flaw months ago. However, it was only made public after St. Jude Medical released a software repair on Monday. Security patches will be automatically rolled out in coming months to patients with a device transmitter. It must be plugged in and connected to the company network. The transmitters send back heart device data to medical experts.

Investigation into the problem started in August 2016 though Abbott Laboratories explained in a statement that it was unaware of any death or injuries suffered by any patient. Even the Food and Drug Administration did not find any evidence. MedSec CEO Justine Bone argued on Twitter that the software fix does not address all the issues. The [email protected] Transmitter, also manufactured by the company can also be hacked.

The device sends performance data to a website where the patient’s physician can easily monitor the data. FDA’s investigation has confirmed the vulnerabilities that can be hacked and used to administer dangerous shock to a person’s heart, alter pacing and drastically deplete the implanted device’s battery, reports ABC News via AP. Thus, any new device submitted to the FDA won’t be approved without the software update.

READ  Demonetization has turned India into a key target for cybercriminals, says F-Secure

“Your average patient isn’t going to be targeted by assassins. An attack on this level is low-probability but very high-impact, probably the most impactful vulnerability I’ve ever seen,” said Johns Hopkins University’s assistant professor for computer science, Matthew Green.