On Tuesday, Homeland Security announced a warning of a cybersecurity flaw for implanted heart devices manufactured by St. Jude Medical. According to Homeland Security, the devices could be susceptible to hackers remotely taking control of defibrillators and pacemakers while inside the chests of users. According to a statement from Abbott Laboratories' St. Jude, there have been no reported deaths or injuries as a result of the flaw in the devices. The U.S. Food and Drug Administration corroborated that claim, stating that there were no fatalities or injuries believed to be tied to the security flaw.
The unusual and frightening security flaw was identified by a group of researchers working at MedSec holdings in 2016. The federal investigation into the flaw began in August of last year. The findings were only made public on Monday after St. Jude Medical updated its software repair. According to MedSec CEO, Justine Bone, however, the St. Jude's software update did not address all of the problems found with its devices.
According to FDA spokeswoman, Angela Stark, the review of both the technological flaw and the updated fix are both still under review. She did confirm that their investigation concluded in a concurrence with the MedSec findings that the devices that were meant to allow the devices to communicate with doctors and caretakers presented a vulnerability. A hacker could engage the transmitter and deplete device batteries, administer dangerous shocks to the heart of the user, or alter the pacing of the device.