St Jude’s Issues Emergency Patch to Avoid Cardiac Device Hacking

Various devices we use on a daily basis are prone to hacking and unauthorized access by third parties. In most cases, these issues would not affect our health all that much. A recent announcement by the FDA states how St. Jude Medical’s cardiac devices contain vulnerabilities that allow remote access by a hacker. It is possible to deplete the battery or even send incorrect shocks to the wearer’s heart.

Hackable Pacemakers Is The Last Thing We Need

St. Jude Medical deploys pacemakers and defibrillators, which are used to monitor patients’ heart conditions at all times. As is the case with any of these devices, they contain an operating system, on which “applications” are running to collect all kinds of sensory input. This software is also used to pace the heartbeat or administer shocks.

Vulnerabilities found in the machines’ code could allow hackers to gain remote control over such a pacemaker or defibrillator. If a hacker has malicious intents, they can drain the battery of the device entirely, putting the victim’s life in danger. Thankfully, St. Jude has put together a software update that will fix this problem, yet obtaining it may be more complicated than assumed.

To receive the new software patch, device owners must connect their [email protected] Transmitter to the Merlin.net network. In most cases, this will not be much of a problem, yet elderly patients may not necessarily pick up this patch. It will be up to St. Jude staffers to keep track of who has the right update, ¬†and whom might need help to receive it. Without this patch, consumers’ health will remain at risk, and some people may even die from such a hack.




According to the FDA, no patients have been hurt as a result of these software vulnerabilities. That is positive news, although the issue highlights a bigger underlying problem. Cybersecurity risks are found in virtually every device we use today, including those tools designed to improve our health and longevity. Additionally, rumors had been circulating in August of 2016 as to how St Jude’s devices could be hacked.

What is of particular concern is how the issues may have never been fixed if there was no public campaign to raise awareness about this matter. Although it is difficult to tell if St. Jude would have addressed the situation regardless of the public campaign, the fact they knew about this potential issue for months is never a good sign.

Carson Block, the founder of Muddy Waters and publisher of the initial vulnerability report in 2016, is not satisfied with the software patch. He feels this patch “does not address many of the larger problems. The existence of a universal code giving hackers control over the implants has not been solved.” Internet-connected devices will always pose a systemic risk, including those within our own bodies.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.