St. Jude admits security vulnerabilities in cardiac devices

St. Jude Medical has released cybersecurity updates for its Merlin remote monitoring system. The company has admitted to “extremely low cybersecurity risks” and stated that all of its medical devices are exposed to potential cybersecurity attacks. This comes after a defamation lawsuit filed against Muddy Waters and MedSec, who revealed vulnerabilities in St. Jude’s heart devices. The FDA has confirmed these vulnerabilities, and St. Jude has collaborated with regulators to release software updates. However, some flaws revealed in the MedSec report, including a universal code that can be used by hackers, have not been addressed.