RALEIGH, N.C. (WNCN) — More than 3 million people worldwide have pacemakers.
This past week, the FDA issued an advisory statement notifying patients and doctors around the U.S. that pacemakers and defibrillators made by St. Jude Medical are vulnerable to cyber-attacks and could be hacked, putting patients at risk.
While this may sound like a science fiction story—now we know that multiple types of medical devices—from insulin pumps to MRI scanners—are at risk for cyber-attacks. At this point, other cardiac device manufacturers have not been confirmed to be vulnerable but more study is being conducted now
- What is a pacemaker? And what is a defibrillator or ICD?
A pacemaker is used when a patient’s heartbeat is too slow. A pacemaker is inserted into the chest and wires are placed inside the heart that allows electrical signals to stimulate the heartbeat. An ICD works like a pacemaker when it comes to slow heart beats, but it also can treat dangerous, fast life-threatening heartbeats with an internal shock that resets the heart rhythm and can save a patient’s life.
- What puts them at risk and what could a cyber-criminal possibly do to a patient with a cardiac device?
Based on the FDA report, there are vulnerabilities in the home monitoring system for pacemakers and ICDs made by St. Jude Medical. Patients with cardiac devices are asked to connect a home monitoring system to their phone lines. This device connects to the internet and transmits information about the pacemaker or ICD to your doctor—alerting your doctor of any problems with your device in real time.
Home monitoring is important in that it allows doctors to help identify problems before the patient gets sick. In the case of the SJM devices, hackers can potentially tap into the home monitoring system and cause the pacemaker or ICD battery to prematurely deplete or could conceivably make programming changes that put patients at risk.
At this point, there have been no reports of any patients having the device hacked. The FDA was alerted to the potential issue last year and after a study determined that the risk is real and must be addressed.
- What should you do if you have a pacemaker made by St. Jude that is at risk?
Fortunately, the company has created a software patch that has been automatically installed in all home monitoring systems thru the internet last week. Patients should continue to remain connected as the benefits of home monitoring certainly outweigh potential risk at this point. Talk to your doctor if you have a pacemaker or ICD and ask if your particular device is affected. I expect that in the future, there will be a big effort by the FDA and device companies to work to set higher security standards and make sure patients are safe.