FDA: Implantable Cardiac Devices Are Vulnerable to Cybersecurity Threats

​Implantable cardiac devices, like many health devices that connect to the internet, are vulnerable to cybersecurity intrusions, according to a January 9, 2017, safety communication from the U.S. Food and Drug Administration (FDA). St. Jude Medical's implantable cardiac devices and their corresponding Merlin@home transmitters were specifically cited as being vulnerable. St. Jude Medical is deploying a software update to reduce risk of vulnerabilities. FDA said it has not received any reports related to patient harm, but the vulnerabilities could be exploited to allow an unauthorized user to remotely access the device.