• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

  • Latest News
    • Cardiovascular
    • Orthopedics
  • Wall Street Beat
    • Funding Roundup
    • Mergers & Acquisitions
  • Podcasts & Webinars
    • Podcasts
    • Webinars
  • Resources
    • About MassDevice
    • Newsletter Signup
    • Leadership in Medtech
    • Manufacturers & Suppliers Search
    • MedTech100 Index
    • Videos
    • Whitepapers
  • DeviceTalks Tuesdays
  • Coronavirus: Live updates
Home » St Jude releases FDA-cleared Merlin@home cybersecurity update

St Jude releases FDA-cleared Merlin@home cybersecurity update

January 9, 2017 By Fink Densford

St. Jude Medical's Merlin@home

Updated with comment from Muddy Waters.

Abbott (NYSE:ABT) subsidiary St. Jude Medical said today it launched a cybersecurity update for its Merlin@home remote monitoring system designed for use with implantable pacemakers and defibrillator devices.

The Little Canada, Minn.-based company said the move was made to “complement the company’s existing measures and further reduce the extremely low cybersecurity risks.”

“There has been a great deal of attention on medical device security and it’s critical that the entire industry continually enhances and improves security while bringing advanced care to patients. Today’s announcement is another demonstration that St. Jude Medical takes cyber security seriously and is continuously reassessing and updating its devices and systems, as appropriate,” St. Jude cybersecurity medical advisory board member & former U.S. CERT director Ann DiCamillo said in a press release.

St. Jude said it is not aware of any cybersecurity incidents related to its medical devices, and that none of its devices or systems have been the targets of such incidents.

The FDA, in its own press release, confirmed that there have been no reports of harm related to the vulnerabilities, but also warned that the weaknesses could be exploited.

“The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient’s physician, to remotely access a patient’s RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks,” the FDA wrote in its release.

The update comes after a string of accusations of poor cybersecurity associated with St. Jude’s cardiac devices from short-seller Muddy Waters.

Muddy Waters quickly responded to the update, calling out St. Jude on the cybersecurity flaws and claiming that the fix will not correct the largest vulnerabilities in the system.

“After vehemently denying its devices suffer security vulnerabilities and then suing us, St. Jude issued a statement today that effectively vindicates the research published by MedSec and Muddy Waters. This long-overdue acknowledgement, just days after completion of St. Jude’s sale to Abbott Laboratories, reaffirms our belief that the company puts profits over patients. It also reaffirms our belief that had we not gone public, St. Jude would not have remediated the vulnerabilities. Regardless, the announced fixes do not appear to address many of the larger problems, including the existence of a universal code that could allow hackers to control the implants,” the firm wrote in a response to St. Jude.

St. Jude said the update included additional validation and verification between the Merlin@home devices and Merlin.net, and that it collaborated with the FDA to implement the changes. The company also said it has additional updates planned for 2017.

“As medical technology advances, it’s increasingly important to understand how innovation and cyber security impact physicians and the patients we treat. We are committed to working to proactively address cyber security risks in medical devices while preserving the proven benefits of remote monitoring to assess patient status and device function,” St. Jude cybersecurity medical advisory board chair Dr. Leslie Saxon said in prepared remarks.

The FDA said it reviewed the software update, and that after an assessment of the device, determined that “the health benefits to patients from continued use of the device outweight the cybersecurity risks.” The Agency said it will continue to monitor the devices and update on any recommendation changes.

“We’ve partnered with agencies such as the U.S. Food and Drug Administration and the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team unit and are continuously reassessing and updating our devices and systems, as appropriate. The safety and security of patients is always our primary focus. We’ll continue to work with agencies, security researchers, physicians and others in the industry in a coordinated way to develop best practices and standards that further enhance the security of devices across the medical industry,” St. Jude chief technology officer Phil Ebeling said in a prepared statement.

 

In August, St. Jude issued a strongly worded refutal of accusations made by a short-seller aiming to drive its share price down, denying the allegations and calling out Muddy Waters, the firm founded by well-known short-seller Carson Block, “irresponsible, misleading and unnecessarily frightening” to patients.

The short-seller aimed to disrupt the $25 billion acquisition of St. Jude by Abbott; in addition to betting on falling STJ shares, Block was long on ABT shares. His shop and a startup cybersecurity business called MedSec alleged that St. Jude’s implanted cardiac rhythm management devices posed a cybersecurity risk due to vulnerabilities in the Merlin@home monitor. The company immediately denied the charges and fired off a detailed rebuttal; in response, Muddy Waters claimed that St. Jude instead proved the short-seller’s assertions.

Filed Under: Cardiac Implants, Cardiovascular, Food & Drug Administration (FDA) Tagged With: Abbott, stjudemedical

In case you missed it

  • Abbott will spend $450M to up FreeStyle Libre production in Ireland
  • Acutus Medical ticks up on revenue beat, missed EPS in Q2 results
  • ResMed expects steady growth over the next year
  • Ambu is letting go of 200 employees
  • Medtronic has Class I recall for low-shock risk in ICDs
  • Titan Medical to start manufacturing Enos systems later this year
  • ZimVie sales down more than 11% in Q2 as it streamlines after spinoff
  • Cardinal Health’s CFO to move up to corner office
  • Levita Magnetics raises $26M for Magnetic-Assisted Robotic Surgery platform
  • Data supports use of Channel Medsystems Cerene cryotherapy
  • The 10 largest orthopedic device companies in the world
  • Nanopath raises $10M Series A for women’s health diagnostics
  • Avenda wins FDA IDE nod for AI-enabled prostate cancer therapy
  • NuVasive chief commercial officer Massimo Calafiore is stepping down
  • Preparing your medical device company for challenging market conditions
  • Dentsply Sirona replaces chief accounting officer amid internal investigation
  • Haemonetics stock rises on Street-beating Q1, raised guidance

RSS From Medical Design & Outsourcing

  • The 24 best medical device innovations of 2022
    The Galien Foundation recently announced its nominees of medical device innovations for its 2022 Prix Galien USA awards. There are 24 medical technologies nominated for the annual award this year, up from 18 nominees in 2021. The Galien Foundation’s annual Prix Galien awards highlight devices, biotechnology and pharmaceutical products designed to improve the human condition.… […]
  • FDA issues new COVID-19 testing guidance to avoid false negatives
    COVID-19 testing should be repeated following a negative result on any antigen test, the FDA said in a move that could increase demand for diagnostics manufacturers. The latest guidance from the federal health agency is for negative COVID-19 antigen test results regardless of the presence or absence of symptoms. The federal agency said recent studies… […]
  • Confluent Medical expands Costa Rica manufacturing footprint for nitinol, complex catheter production
    Confluent Medical Technologies this week announced the opening of its new addition to its Costa Rica manufacturing facility. The expansion adds 66,000 sq. ft to its large-scale manufacturing center of excellence in Alajuela, Costa Rica to expand Confluent’s capacity for nitinol component processing and complex catheter manufacturing. “Confluent has experienced consistent and strong growth in… […]
  • FDA’s breakthrough medical device designations tally nears 700
    Stewart Eisenhart, Emergo Group The US Food and Drug Administration has granted almost 700 designations over the past seven years under a voluntary program for expedited regulatory review of medical devices and combination products that facilitate more effective treatment or diagnosis of serious diseases. According to recent metrics published by FDA, the agency has issued a total of… […]
  • Lifecore Biomedical’s owner plans to go all-in on contract development and manufacturing
    Lifecore Biomedical parent company Landec Corp. (Nasdaq:LNDC) plans to take the subsidiary’s name, leadership and headquarters as its own and sell off food businesses to focus on contract development and manufacturing. Santa Maria, California-based Landec said it will rename itself as Lifecore Biomedical “in the near future” and change its Nasdaq ticker to LFCR. Landec… […]
  • COVID-19 immunity test developers at MIT seek diagnostic manufacturer
    MIT researchers have developed a device for predicting an individual’s COVID-19 immunity and are looking for a diagnostic company to get it manufactured in large numbers and approved by the FDA. The lateral flow test uses the same technology as at-home rapid antigen COVID-19 tests to measure neutralizing antibodies for SARS-CoV-2 in a blood sample,… […]
  • GE Healthcare picks AI imaging startups for inaugural Edison Accelerator
    GE Healthcare and Nex Cubed have selected seven companies focused on artificial-intelligence-augmented medical imaging for the first cohort of the Edison Accelerator in Canada. The companies will be matched with mentors and test their technologies with GE’s new Edison Digital Health Platform over the next three months. The program will end with innovation showcase presentations… […]
  • Boston Scientific whistleblower launches corruption investigation
    Boston Scientific (NYSE:BSX) is investigating claims that the company violated the U.S. Foreign Corrupt Practices Act in Vietnam. Marlborough, Massachusetts–based Boston Scientific disclosed receipt of a whistleblower’s allegations in its latest filing with the Securities and Exchange Commission. “In March 2022, the company received a whistleblower letter alleging Foreign Corrupt Practices Act violations in Vietnam.… […]
  • 5 essential leadership lessons from Cathy Burzik for medtech’s next generation of women leaders
    Cathy Burzik, a seasoned senior executive in the healthcare industry, has successfully led major medical device, diagnostic, diagnostic imaging and life sciences businesses. Cathy Burzik, CFB Interests (as told to MedExecWomen co-founder Maria Shepherd) One key to being a successful women leader in MedTech: “Play nice, but play to win.” Cathy Burzik, who received a… […]
  • Stratasys plans to buy Covestro’s additive manufacturing business
    Stratasys (Nasdaq:SSYS) said today that it has a deal to purchase the additive manufacturing materials business of Covestro. The deal includes R&D facilities and activities, global development and sales teams across Europe, the U.S. and China, a portfolio of approximately 60 additive manufacturing materials, and hundreds of patents and patents pending, Stratasys said in a… […]
  • New implant design prevents scar tissue without drugs, MIT says
    Mechanically inflating and deflating an implantable device for 10 minutes a day prevents immune cells from building the scar tissue that has been a major obstacle for artificial pancreas researchers. That’s according to new findings from a team of MIT engineers who built mechanical deflection into a two-chambered, soft polyurethane device tested on mice. By… […]

Primary Sidebar

DeviceTalks Weekly

August 12, 2022
DTW – Medtronic’s Mauri brings years of patient care to top clinical, regulatory, scientific post
See More >

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
Need Medtech news in a minute?
We Deliver!

MassDevice Enewsletters get you caught up on all the mission critical news you need in med tech. Sign up today.

MDO ad

Footer

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion
Drug Discovery & Development
Pharmaceutical Processing World
MedTech 100 Index
R&D World
Medical Design Sourcing

DeviceTalks Webinars, Podcasts, & Discussions

Attend our Monthly Webinars
Listen to our Weekly Podcasts
Join our DeviceTalks Tuesdays Discussion

MASSDEVICE

Subscribe to MassDevice E-Newsletter
Advertise with us
About
Contact us
Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube

Copyright © 2022 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Advertise | Privacy Policy