FDA: Make Medical Device Cybersecurity a Top Priority featured image

FDA: Make Medical Device Cybersecurity a Top Priority

by John DiGiacomo

Partner

Cyber Security Data Breach

 

At the end of December, the Food and Drug Administration (FDA) issued new guidance for medical device cybersecurity. The new guidance encourages medical device developers and producers to make cybersecurity of networked medical devices a top priority throughout the product development lifecycle. It did not take long after the issuance of this new guidance for medical device maker St. Jude Medical to develop and deploy a software patch to improve the cybersecurity of some of its remote monitoring systems for various medical devices that it manufactures. Specifically, St. Jude Medical developed patches for implantable pacemakers and defibrillators, according to TechNewsWorld.com.  

One specific product line St. Jude Medical took action to further improve the security of was Merlin@home wireless devices. These devices communicate remotely with implanted cardiac devices in patients. Some potential vulnerabilities were identified in the Merlin@home network connected devices that could allow a hacker to gain access to the device to change parameters of the implanted device. Concerns about medjacking were raised for the Merlin@home devices, as hacked devices could be controlled by hackers to administer inappropriate pacing (electrical stimulations to the heart).

With any medical device, there is always a risk to the patient, so the important question that is asked by designers, developers, manufacturers, and regulators is “does the benefit from this medical device outweigh the risks associated with the device?” The benefit of having a network connected implantable medical device is that the device can record and transmit important patient information to a physician or electronic medical record of the patient. The risk is that network connected devices are something that could be have by cybercriminals.

The patch developed by St. Jude Medical for the Merlin@home medical devices enhances security by adding an additional validation and verification step when establishing wireless communication between the device and Merlin.net network.  

Could Someone Really Hijack a Medical Device?

Hijacking a medical device is a real and tangible cyber security threat. Although it is possible to do so, no St. Jude Medical device associated with the Merlin@home product line has been hacked and no patients with these implantable devices have been harmed by medjacking. Most cyberattacks are financially motivated, and there is little financial gain in hijacking medical devices, which could explain why there are not many instances of this occurring. Nonetheless, medical device producers need to prepare against the real and looming cybersecurity threat posed by hackers.

Contact a Medical Device Cybersecurity Lawyer

Medical device companies and healthcare systems need to be aware of the cybersecurity threats that are likely to affect them, their business, and their customers. Medjacking is one of the newer types of cybersecurity threats, but as technology and hacking techniques advance, medjacking could become more commonplace. Revision Legal works with companies to help manage cybersecurity issues and the aftermath that follows a cybersecurity breach. Contact the experienced health care data breach lawyers at Revision Legal. Please feel free to reach out to us today. Contact us using the form on this page or call us at 855-473-8474.

Image credit: Congress Check

Extra, Extra!
Recent Posts

Fairness Factors For Your College NIL Agreement

Fairness Factors For Your College NIL Agreement

Corporate

In May 2025, as part of a settlement of litigation involving college football, a new entity was created called the College Sports Commission (“CSC” or “Commission”). See news media reports here and here. Among many other purposes, the CSC will monitor and approve name, image, and likeness (“NIL”) agreements for college athletes. As the term […]

Read more about Fairness Factors For Your College NIL Agreement

Is a “Fanciful” Trademark the Best Type of Trademark?

Is a “Fanciful” Trademark the Best Type of Trademark?

Trademark

Trademarks are words, designs, symbols, logos, and other things that are used/associated with goods or services that identify the specific commercial source of the goods/services. COCA-COLA, APPLE, and GUCCI are just a few famous examples. If COCA-COLA is on the bottle, consumers know what to expect from the beverage in the bottle. The same for […]

Read more about Is a “Fanciful” Trademark the Best Type of Trademark?

Put Revision Legal on your side