MedSec comments on Department of Homeland Security and the FDA Verification of MedSec Security Claims in St Jude Medical Technology

January 9th, 2017

Miami, Fl. - After five months of ongoing work by MedSec to hold St Jude Medical accountable for security problems in their technology suite, St Jude Medical has taken action immediately following its sale to Abbott Laboratories with a software update, as outlined in advisories released today by both the FDA and the Department of Homeland Security.

MedSec continues to be sued by St. Jude Medical for defamation for alleging vulnerabilities including the ones that were just confirmed by the FDA.

Justine Bone, CEO of MedSec, commented:

“We acknowledge St. Jude Medical’s effort in the remediation of this vulnerability which was rated as High severity by the Department of Homeland Security. We eagerly await remediation efforts on the multitude of severe vulnerabilities that remain unaddressed including the ability to issue an unauthorized command from a device other than the Merlin @ Home device. MedSec remains available to assist Abbott Laboratories during this process.”

“We also thank our peers in the security research community who have supported our actions over this time. Some of you have done this publicly, many of you privately. We believe our actions, which always sought to protect detailed vulnerability information, have finally resulted in St Jude Medical taking responsibility for the extensive security problems in their technology, upon which their customer’s health is dependent. We look forward to future announcements from St Jude regarding our other findings and we thank the FDA and the DHS for their support over this time.”

About MedSec

MedSec is a cybersecurity firm specializing in the unique challenges facing the healthcare industry, including those of manufacturers, vendors, and health care providers. MedSec partners with its medical device manufacturer clients throughout the product development cycle to implement proprietary security solutions. MedSec also provides consulting and advisory services with regard to cyber risk analysis and information security in the health care industry.

Justine Bone CEO MedSec
post
Author
Justine Bone
CEO & Director

Justine is a seasoned information technology and security executive with background in software security research, risk management, information security governance, and identity management. Her previous roles include Chief Information Security Officer at Dow Jones, a News Corporation company and publisher of the Wall Street Journal, CSO at Bloomberg L.P., CTO of Secured Worldwide, an NYC-based FinTech company, and CEO of well known vulnerability security research firm, Immunity Inc. Justine began her career as a vulnerability researcher with Internet Security Systems (now IBM) X-Force and New Zealand’s Government Communications Security Bureau.