Heart Implants Recalled Due To Cyber-Security Vulnerabilities



The US Food and Drug Administration (FDA) has recalled around 465,000 implantable cardioverter defibrillators (ICDs) for firmware updates. An ICD is a small device used to treat irregular heartbeats.

In a safety report issued on April 17, 2018, the FDA says that the devices, designed and operated by St. Jude Medical, are susceptible to cyber-security breaches and are also at risk of sudden battery loss.

The safety report states, “As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”

The vulnerability of St. Jude Medical's ICDs and its Merlin@home monitoring device to cyber-attack was raised by Medsec, analysts for health sector security. The analysis followed a challenge from St. Jude Medical (which was acquired by Abbott in 2017), and the weaknesses that Medsec identified in these devices were confirmed by cyber security consultants Bishop Fox.

Carl Livitt of Bishop Fox told the Computer Business Review, “Authentication backdoors are not good, especially in implantable cardiac devices that can be misused to kill people.”

Merlin@home is a small receiver used by people who have implanted cardiac devices; it can be plugged in at home and is designed to allow “remote care management of patients with implanted cardiac devices through scheduled transmissions and daily alert monitoring.”

Derek Weeks, VP of DevSecOps Company, blames the open source weakness and also highlights the risk that unpatched medical devices pose to the privacy of patient records and to patients' health.

Carl Livitt goes on to say, “Most of the vulnerabilities could be remediated by requiring a very close proximity ‘wake-up’ command to be issued to an implanted device prior to enabling long-range communications. This would require the physician to be in physical contact with the patient.”

The warning comes after the recent deal between Microsoft and the NHS to strengthen cyber security defenses, following an update on costly plans for security investment across the NHS.


Posted from my blog with SteemPress : https://latesthackingnews.com/2018/05/03/heart-implants-recalled-due-to-cyber-security-vulnerabilities/
