Software vulnerabilities of medical devices may be difficult for health sector officials and manufacturers to manage.

As we reported last week, St. Jude implemented software updates that could protect pacemakers and other medical devices from being compromised by hackers. 

Unfortunately, new information suggested that the public is not completely in the clear.

“Software is never perfect and all systems still will have these flaws,” says Joshua Corman, director of the Cyber Statecraft Initiative at the Atlantic Council and an expert on medical device security. “The question is how gracefully and collaboratively and quickly and safely can we respond to these flaws.”

In late 2016, there were reports that the Merlin@home transmitter used in monitoring certain St. Jude Medical implant devices could be hacked. These hacks could lead to deadly consequences for  the patient.

MedSec, a cybersecurity firm,  initially found the problems in the St. Jude devices. After which they “tipped off”- the activist investment firm Muddy Waters, which publicized the flaws and advised clients to bet against the health care firm’s stock.

Ever since the US government and St. Jude confirmed the one flaw, the VA has been “taking steps to be sure all our patients and providers are aware of this issue and take appropriate actions to be sure that all our patients get the update for their monitor,” said Merritt Raitt, acting director of the VA National Cardiac Device Surveillance Program.