St. Jude Medical is currently being targeted due to security vulnerabilities in implanted heart devices. Back in August, MedSec and Muddy Waters released a report about how St. Jude’s pacemakers and defibrillators were vulnerable to cyberattacks that could result in battery drain or manipulation of pacemaker beat rates. This could in turn put a patient’s life at risk.
Bishop Fox, an independent security firm, recently provided a testimony stating that the St. Jude cardiac devices ecosystem does not meet the security requirements of a system responsible for safeguarding life-sustaining equipment implanted in patients. In addition, the wireless protocol used by the devices to communicate also have vulnerabilities that allow attackers to take control of the device and deliver shocks to patients at a range up to 10 feet and possibly more with additional components.