St. Jude Medical’s implantable cardiac devices that rely on the Merlin@home remote monitoring system are vulnerable to hacking. Recipients of affected St. Jude devices may be entitled to file a Merlin@home transmitter lawsuit to obtain compensation from the company.
August 2016: A new class action lawsuit has been filed in Los Angeles federal court, following allegations that some of St. Jude Medical’s implantable cardiac devices are easy targets for hackers. The lead plaintiff to the suit claims that he never would have undergone surgery with the company’s Quadra Assura cardiac resynchronization therapy defibrillator had he been aware of the “severe security vulnerabilities” purportedly associated with the Merlin@home system. The complaint lists around 30 implantable heart devices that are alleged to suffer from the same deficiencies. Read More
Bernstein Liebhard LLP is a nationwide law firm that represents individuals who were harmed by allegedly defective medical devices. Our attorneys are investigating claims that Merlin@home transmitters may be vulnerable to cyberattacks. If you or a loved one were fitted with a St. Jude defibrillator, pacemaker or cardiac resynchronization device that relies on this system, call our office now at (888) 994-5118 to arrange for a free legal review.
The Merlin@home transmitter works in conjunction with St. Jude’s data management system, the Merlin.net Patient Care Network, to remotely transmit patient data from an implantable cardiac device to a physician’s office. St. Jude has distributed hundreds of thousands of implantable cardiac devices that rely on remote monitoring via the Merlin system. Used Merlin@home monitors can also be found on eBay for as little as $35.00.
In August 2016, the Muddy Waters investment group announced that it had taken a short position in St. Jude stock, which would allow the group to benefit financially if the company’s share price declines. In a 33-page report, Muddy Waters said that it expect this would occur due to alleged cybersecurity issues that make St. Jude’s implantable cardiac devices susceptible to hacking, especially those bundled with the Merlin@home transmitter system. Demonstrations conducted by a cybersecurity firm called MedSec had indicated that St. Jude implants were vulnerable to two kinds of hacks: a “crash” attack that causes the devices to malfunction and a “battery drain” attack that could be harmful to device-dependent users.
In January 2017, the U.S. Food & Drug Administration (FDA) nnounced that it had confirmed cybersecurity vulnerabilities in the Merlin@home system that could allow a hacker to alter the transmitter. The altered transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks. St. Jude has issued software updates to resolve some of the issues. The company is working with Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to address the remaining vulnerabilities. Read More
While it is too early to predict whether or not the issues raised by Muddy Waters will result in litigation against St. Jude, it is not too early for Merlin@home monitor patients to take steps to protect their legal right. To learn more about the possibility of filing a Merlin@home transmitter lawsuit, please call Bernstein Liebhard LLP at (888) 994-5118.
Get the latest news and litigation updates about this case by following us on Facebook. Click the "Like" button below.