Earlier this week the FDA issued a warning that various implantable cardiac devices, such as pacemakers and defibrillators made by St. Jude Medical are vulnerable to being hacked. This is not surprising since anything that is a part of the Internet of Things carries the risk of being able to be hacked although the dangers posed by devices such as pacemakers being able to be hacked are particularly serious. It should be noted, however, that there are no reports of anyone being harmed by these identified vulnerabilities.
Last summer financial research and trading firm, Muddy Waters made public their research identifying the problems with the St. Jude devices. Often when such vulnerabilities are found by security researchers, they will contact the company first before making the information public in order to provide the company with an early opportunity to remedy the problem. Muddy Waters came under criticism for not doing so as well as for financially capitalizing on the drop in the stock price of St. Jude Medical by shorting the stock before the information was made public which resulted in a drop in the value of the stock. However, they did not violate any laws by doing so.
Fortunately, a security patch has been developed for the vulnerable devices which are connected to the Internet St. Jude Medical’s Merlin@home Transmitter. The security software patch will automatically be downloaded to those people using the devices so long as they are are connected to the St. Jude Medical Merlin@home Transmitter. The FDA advises users of the devices to make sure that their medical devices are connected to the Merlin.net network at all times to make sure that they will get this and any future security updates.
In the future you can expect such updates of the security software for such medical devices that are a part of the Internet of Things to be issued on a regular basis.