The FDA confirmed Vulnerability-related.DiscoverVulnerability that St.Jude Medical 's implantable cardiac devices have vulnerabilities that could allow a hacker to access a device . Once in , they could deplete the battery or administer incorrect pacing or shocks , the FDA said on Monday . The devices , like pacemakers and defibrillators , are used to monitor and control patients ' heart functions and prevent heart attacks . St. Jude has developed Vulnerability-related.PatchVulnerability a software patch to fix Vulnerability-related.PatchVulnerability the vulnerabilities , and it will automatically be applied Vulnerability-related.PatchVulnerability to affected devices beginning Monday . To receive the patch , the Merlin @ home Transmitter must be plugged in and connected to the Merlin.net network . The FDA said patients can continue to use the devices , and no patients were harmed as a result of the vulnerabilities . Abbott Laboratories ( ABT ) , which recently acquired St. Jude in a deal worth $ 25 billion , said it has worked with the FDA and DHS to update and improve the security of the affected devices . `` Cybersecurity , including device security , is an industry-wide challenge and all implanted devices with remote monitoring have Vulnerability-related.DiscoverVulnerability potential vulnerabilities , '' Candace Steele Flippin , a spokeswoman for Abbott , told Vulnerability-related.DiscoverVulnerability CNNMoney in an email . `` As we 've been doing for years , we will continue to actively address cybersecurity risks and potential vulnerabilities and enhance our systems . '' The FDA said hackers could control a device by accessing its transmitter . In August 2016 , Muddy Waters founder Carson Block published a report claiming St. Jude 's devices could be hacked and said he was shorting the stock . St. Jude said the claims were `` absolutely untrue , '' and in September , it filed a lawsuit against the firm . In a statement , Block said Monday 's announcement `` vindicates '' the firm 's research . `` It also reaffirms our belief that had we not gone public , St. Jude would not have remediated the vulnerabilities , '' Block said . `` Regardless , the announced fixes Vulnerability-related.PatchVulnerability do not appear to address Vulnerability-related.PatchVulnerability many of the larger problems , including the existence of a universal code that could allow hackers to control the implants . '' The confirmation of St. Jude 's vulnerabilities is the latest reminder of how internet-connected devices can put health at risk . In December , the FDA published guidance for manufacturers on how to proactively address cybersecurity risks .