St. Jude Medical Addresses Critical Device Failure

It’s been a rough week for St. Jude Medical. The company has had to grapple with enormous fallout after a heart device was proven to have some serious technical difficulties. In the midst of this crisis, St. Jude also had to contend with serious accusations that its cyber-security was not up to snuff, leaving patients and medical professionals in potentially deadly situations.

The FDA has released an official warning regarding the critical malfunctioning of Implantable Cardioverter Defibrillators (ICDs) and Cardiac Resynchronization Therapy Defibrillators (CRT-Ds) produced by St. Jude that have already been linked to at least two deaths in Europe. These devices, which are tasked with regulating the heartbeats of thousands of patients, have a serious flaw: the batteries can drain rapidly and unexpectedly. Without the devices to control their heartbeats and even provide bursts of electrical shocks if needed, patients could find themselves dealing with deadly consequences. And with roughly 400,000 of the devices in circulation (and about 350,000 already implanted in patients) there isn’t going to be a quick solution to this problem.

But this disastrous battery situation — which has already led to a major recall — could be the least of St. Jude Medical’s problems. Allegations abound that the devices have another critical flaw: they are extremely vulnerable to cyber attacks. The probe into the defects plaguing the heart devices exposed major holes in their cyber-security. Although the company initially denied any claims that their technology could be hacked, it seems they’ve had a change of heart; now St. Jude Medical has established a cybersecurity advisory board to face this growing problem head-on.

The advisory board does not yet have any official members. But once they are assigned, they will have to handle the very real threat of cyber attacks on their devices — hundreds of thousands which even now reside in living human beings.