23
Data Security
Abbott Medical takes a broad and deep approach to ensuring the safety, security and privacy of
the patient information and data on our devices and systems connecting patients to healthcare
providers and clinics. Patients, clinical staff, and hospital IT staff do not need to configure the
pulse generator or take any special action, for example firewall use, to safeguard patient
information and device data.
The Merlin™ 2 PCS programmer logs security events, for example a failed installation of
programmer software, and stores these log files on disk. These files can then be analyzed by
Abbott Medical personnel during system forensics. They are not meant to be analyzed by the
clinic's information technology personnel.
All safeguards for the devices will be provided throughout the stated warranty period or until a
replacement product is available. In the rare event of a cybersecurity attack on the programmer
that affects its ability to program the pulse generator, implanted device therapy will continue.
Abbott Medical encourages the clinics to allow only authorized healthcare providers to use the
Merlin 2 PCS, for example by requiring badged access to programmer locations. The
cybersecurity bill of materials (CBOM) is available upon request.
Bluetooth Communication
For Bluetooth
®
Low Energy wireless communication, the Merlin™ 2 PCS and St. Jude Medical
implantable devices should be within 2.5 meters in normal use.
The programmer uses BLE with authentication methods to ensure that the programmer
communicates only with St. Jude Medical authorized products. The integrity and confidentiality of
all data-in-transit during BLE communication is protected by multiple levels of encryption.
Inductive Communication
Inductive Communication is a short-range communication channel that protects patient
information by the proximity of the telemetry wand to the device.
Only authorized healthcare providers should place the inductive wand over the device.
RF Communication
To begin Merlin™ 2 PCS use, the clinician places the programmer's inductive telemetry wand
over the patient's implanted device and initiates communication. The inductive wand has a range
of less than 7 centimeters in normal use. The Merlin 2 PCS then switches to Medical Implant
Communications Service (MICS)-based (RF) telemetry if the implanted device supports it. The RF
telemetry range is less than 2.5 meters in normal use.
St. Jude Medical implantable devices introduced in 2010 and later use proprietary
communications protocol based on magnetic induction and, for certain models, an MICS-based
protocol. This protocol prevents unauthorized device communication and recording and protects
sensitive patient information using:
An authentication algorithm
Data encryption
NOTE: The implanted device authenticates telemetry communication before accepting
changes to programmed therapy.
Electromagnetic Compatibility
The Merlin™ 2 PCS and the Merlin Antenna require special precautions with regard to
Summary of Contents for MER3700
Page 1: ...Merlin 2 Patient Care System Merlin 2 PCS Model MER3700 User s Manual...
Page 4: ......
Page 10: ......
Page 38: ......
Page 39: ......