Pacemakers, defibrillators and other medical devices made by a leading medical equipment maker are vulnerable to potentially “catastrophic” cyberattacks. With relatively little effort tens of thousands of cardiac devices made by St. Jude Medical are vulnerable to attack, according a report released by private equity firm Muddy Waters Capital with help from medical researchers at MedSec.
The report claims major cybersecurity flaws are riddled throughout St. Jude Medical device portfolio and are tied to the company’s Merlin@home home monitoring units that “greatly open up the STJ ecosystem to attacks,” according to the report (PDF) released Thursday.
“These units (Merlin@home) are readily available on Ebay, usually for no more than $35. Merlin@homes generally lack even the most basic forms of security, and as this report shows, can be exploited at every level of the technology stack of St. Jude’s Cardiac Devices,” authors of the report wrote.