FDA Safety Communication - Cybersecurity Vulnerabilities Identified- Implantable Cardiac Devices and Merlin@home Transmitter by St. Jude Med

Lisa Volk and Nancy Leveille in Clinical & Quality

The FDA is providing information and recommendations regarding St. Jude Medical's radio frequency (RF)-enabled implantable cardiac devices and Merlin@home Transmitter to reduce the risk of patient harm due to cybersecurity vulnerabilities. The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical's Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient's physician, to remotely access a patient's RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. The altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks. See attached for further information.

NYSHFA CONTACTS:

Lisa Volk, RN, B.P.S., LNHA
Director, Clinical & Quality Services
518-462-4800 x15

Nancy Leveille, RN, MS
Sr. Director, Member Operational Support
518-462-4800 x20