MedSec comments on Department of Homeland Security and the FDA Verification of MedSec Security Claims in St Jude Medical Technology
January 9th, 2017
Miami, Fl. - After five months of ongoing work by MedSec to hold St Jude Medical accountable for security problems in their technology suite, St Jude Medical has taken action immediately following its sale to Abbott Laboratories with a software update, as outlined in advisories released today by both the FDA and the Department of Homeland Security.
MedSec continues to be sued by St. Jude Medical for defamation for alleging vulnerabilities including the ones that were just confirmed by the FDA.
Justine Bone, CEO of MedSec, commented:
“We acknowledge St. Jude Medical’s effort in the remediation of this vulnerability which was rated as High severity by the Department of Homeland Security. We eagerly await remediation efforts on the multitude of severe vulnerabilities that remain unaddressed including the ability to issue an unauthorized command from a device other than the Merlin @ Home device. MedSec remains available to assist Abbott Laboratories during this process.”
“We also thank our peers in the security research community who have supported our actions over this time. Some of you have done this publicly, many of you privately. We believe our actions, which always sought to protect detailed vulnerability information, have finally resulted in St Jude Medical taking responsibility for the extensive security problems in their technology, upon which their customer’s health is dependent. We look forward to future announcements from St Jude regarding our other findings and we thank the FDA and the DHS for their support over this time.”
MedSec is a cybersecurity firm specializing in the unique challenges facing the healthcare industry, including those of manufacturers, vendors, and health care providers. MedSec partners with its medical device manufacturer clients throughout the product development cycle to implement proprietary security solutions. MedSec also provides consulting and advisory services with regard to cyber risk analysis and information security in the health care industry.Justine Bone CEO MedSec