INDIANAPOLIS (WISH) — Doctors and patients continue to wrestle with the possibility of medical devices being hacked. The issue came to the forefront in August by Muddy Waters Research, a publication about investments. They said St. Jude devices were vulnerable to hackers and that’s what prompted other groups like the FDA to look closer.
Then in January, St. Jude rolled out a software patch to tighten security on the devices. It’s important to note that hackers have not accessed any devices, but the vulnerabilities were uncovered.
“I do feel like it’s far-fetched. I’m not sure what the motive would be for somebody,” Rachel Shepherd said.
Shepherd has cardiomyopathy and congestive heart failure and has a bi-ventricular ICD, which is a pacemaker and a defibrillator in her chest.
“It took 13 years and then last year it shocked me for the first time, twice in one night. I’m thankful that it saved my life,” Shepherd said.
The FDA said if a hacker did gain control, they could deplete battery life or administer incorrect pacing or shocks.
“It’s important that companies and especially the federal government as well, invest in such endeavors, looking at specifically security related issues and security breaches, potential security breaches, so they’re identified up-front rather than through an issue after the issue has occurred,” Dr. Gopi Dandamudim with IU Health said.
Patches were sent out for the St. Jude devices, and other companies are on high alert, so Dandamudi says patients who need these devices shouldn’t avoid them.
“We always look at risk/benefit ratios when we look at any medical decisions,” Dandamudi said.
As for Shepherd, who connects with other heart disease patients over social media, she says the community is concerned, but she is not.
“I have so many other worries with having a heart problem and stuff, that I just can’t worry about that,” Shepherd said.
The whistle-blowers allege a universal code for the life-saving technology exists, which would allow hackers to control the implants. Still doctors say a breach is unlikely.
Patients with the transmitters are advised to continue a normal routine of check-ups with their doctor and to keep their transmitter connected to WiFi so that it can automatically upgrade with the new software patches.
Patients with questions can contact St. Jude Medical’s Merlin@home customer service at 1-877-My-Merlin.