Abbott Laboratories said on Monday it has begun releasing cyber security updates for its St. Jude heart devices some five months after the U.S. government launched a probe into claims they were vulnerable to potentially life-threatening hacks.
Abbott announced the updates as the U.S. Food and Drug Administration issued a Safety Communication advising patients and physicians to keep using the company’s implanted cardiac devices following the updates.
The FDA confirmed claims that cyber “vulnerabilities” could allow a hacker to remotely access St. Judge medical devices, but said there have been no reports of patients harmed by the vulnerabilities.
The updates will automatically be pushed out to St. Jude home monitors that enable doctors to track their performance.
Doctors and patients have been waiting for action from the FDA and St. Jude since August when short-selling firm Muddy Waters and cyber security firm MedSec Holdings claimed the implantedheart devices were riddled with potentially lethal security bugs.
They warned of two primary hacks: One that could cause implanted devices to pace at potentially dangerous rates and one that drains the batteries.The agency said it would continue to assess new information concerning the devices and alert the public if it recommends further changes.
“The FDA conducted an assessment of the benefits and risks of using the Merlin@home Transmitter, and has determined that the health benefits to patients from continued use of the device outweigh the cybersecurity risks,” the agency said.
Merlin is used with its implantable pacemakers and defibrillator devices.
When Muddy Waters went public with the allegations in August, it also disclosed it was shorting St. Jude Medical, which was preparing to sell itself to Abbott.
Muddy Waters said it believed that news of the vulnerabilities could cause the $25 billion deal to fall apart, but Abbott last week closed the acquisition of St. Jude, one of the world’s biggest makers of implantable cardiac devices,
St. Jude filed a lawsuit against San Francisco-based Muddy Waters, Miami-based MedSec and individuals affiliated with those firms on Sept. 7.
St. Jude accused them of intentionally disseminating false information about its heart devices to manipulate its stock price, which fell 5 percent the day they went public with their claims.
Abbott spokeswoman Candace Steele Flippin declined to say whether the company would continue to pursue the lawsuit.
Representatives for Muddy Waters and MedSec said they had no immediate comment.
Abbott shares were up 0.4 percent to $40.94 in early-afternoon trade. The S&P 500, by comparison, dipped 0.1 percent.