Company continues to lead the way in advancing cyber security
protections in partnership with FDA and ICS-CERT
ST. PAUL, Minn.--(BUSINESS WIRE)--As part of its commitment to continuous improvement and the security of
its electronic devices, today St. Jude Medical, Inc. announced that it
will immediately deploy the latest release of cyber security updates for
its Merlin™ remote monitoring system that is used with implantable
pacemakers and defibrillator devices. The improvements include security
updates that complement the company’s existing measures and further
reduce the extremely low cyber security risks.
All medical devices using remote monitoring are exposed to the risk of a
potential cyber security attack. St. Jude Medical is not aware of any
cyber security incidents related to a St. Jude Medical device, nor is it
aware that any specific St. Jude Medical device or system in clinical
use has been purposely targeted. In recognition of the changing cyber
security landscape and the increased public attention on highly unlikely
medical device cyber risks, we are informing the public about these
ongoing actions so that patients can continue to be confident about the
benefits of remote monitoring.
“There has been a great deal of attention on medical device security and
it’s critical that the entire industry continually enhances and improves
security while bringing advanced care to patients,” said cyber security
expert Ann Barron DiCamillo, former director of U.S. CERT and advisor to
St. Jude Medical’s Cyber Security Medical Advisory Board. “Today’s
announcement is another demonstration that St. Jude Medical takes cyber
security seriously and is continuously reassessing and updating its
devices and systems, as appropriate.”
“We’ve partnered with agencies such as the U.S. Food and Drug
Administration (FDA) and the U.S. Department of Homeland Security
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) unit
and are continuously reassessing and updating our devices and systems,
as appropriate,” said Phil Ebeling, vice president and chief technology
officer at St. Jude Medical.
As technology evolves, St. Jude Medical made seven software updates in
three years to the Merlin@home™ transmitter alone, and it will
immediately release its latest software update to Merlin@home™, which
will begin to be implemented today. The update includes additional
validation and verification between the Merlin@home™ device and
Merlin.net. St. Jude Medical has collaborated with the FDA, DHS ICS-CERT
and other regulators in implementing this update. The company also plans
to implement additional updates in 2017.
As is always recommended, patients should make sure that their
Merlin@home™ unit is plugged in and connected via landline or cellular
adapter so they can receive these and any future automatic security
updates. Physicians or patients with any questions should call the
Merlin hotline at 1-877-MY-MERLIN (1-877-696-3754) or visit www.sjm.com/Merlin
for more information.
“As medical technology advances, it’s increasingly important to
understand how innovation and cyber security impact physicians and the
patients we treat,” said Dr. Leslie Saxon, chair of St. Jude Medical’s
Cyber Security Medical Advisory Board. “We are committed to working to
proactively address cyber security risks in medical devices while
preserving the proven benefits of remote monitoring to assess patient
status and device function.”
“The safety and security of patients is always our primary focus. We’ll
continue to work with agencies, security researchers, physicians and
others in the industry in a coordinated way to develop best practices
and standards that further enhance the security of devices across the
medical industry,” said Ebeling.
As of January 4, 2017, St. Jude Medical is a part of Abbott.