St. Jude releases cyber updates for heart devices after U.S. probe
By Jim Finkle
(Reuters) - Abbott Laboratories (ABT.N: Quote) moved to protect patients with its St. Jude heart implants against possible cyber attacks, releasing a software patch on Monday that the firm said will reduce the "extremely low" chance of them being hacked.
The company disclosed the moves some five months after the U.S. government launched a probe into claims the devices were vulnerable to potentially life-threatening hacks that could cause implanted devices to pace at potentially dangerous rates or cause them to fail by draining their batteries..
The Food and Drug Administration and the Department of Homeland Security said that St. Jude's software update addresses some, but not all, known cyber security problems in its heart devices.
The patch that Abbott began pushing out to patients on Monday addresses vulnerabilities that present the greatest risk to patients and prevent hackers from accessing the device, said FDA spokeswoman Angela Stark.
"The patch is intended to reduce the risk of unauthorized individuals exploiting the vulnerability and support patient safety," she said. "The FDA has maintained this focus on addressing patient safety first and foremost throughout its investigation."
A Department of Homeland Security spokesman said he had no immediate comment on the remaining problems.
St. Jude spokeswoman Candace Steele Flippin declined to identify specific problems, but said: "The cybersecurity landscape is evolving. St. Jude Medical has worked with, and continues to work with, the FDA and DHS to update and improve the security of our technology."
MedSec Chief Executive Justine Bone said in a statement that "a multitude of severe vulnerabilities" were not fixed in the security update. Continued...