465K People Need A Pacemaker Security Update To Protect Their Hearts From Hacking

Image courtesy of Blogtrepreneur

If you need more evidence that we are living in an increasingly internet-connected world, look no further than a recent software update aimed at making sure 465,000 people with pacemakers don’t have hearts that are vulnerable to hackers.

The U.S. Food and Drug Administration announced this week that medical device company Abbott has issued a corrective action for implantable cardiac pacemakers made under the St. Jude’s Medical brand. According to the company there is a “risk of patient harm due to potential exploitation of cybersecurity vulnerabilities.”

To address this heart-hacking vulnerability, Abbott is issuing a firmware update to the pacemakers.

While this update is being treated as a recall, the devices will continue to function as intended “and replacement of implanted pacemaker devices is not recommended.”

To that end, there are no known reports of patient harm related to the cybersecurity vulnerabilities in the 465,000 radio-frequency-enabled implanted Abbott devices impacted in the U.S.; the company says this firmware update is part of a plan announced in January, and will “provide an additional layer of security against unauthorized access to these devices.”

Which devices are involved?

Included in the update:
• Accent
• Anthem
• Accent MRI
• Accent ST
• Assurity
• Allure

Not included: Any implantable cardiac defibrillators (ICDs) or cardiac resynchronization ICDs (CRT-Ds)

Going forward, any pacemaker manufactured as of Aug. 28, 2017 will have the update pre-loaded in the device.

How to get the update

If you have an impacted pacemaker, you should talk with your physician about when you should receive the update — which requires an in-person patient visit — as well as address any questions or concerns you might have.

The process will take about three minutes to complete, during which time the device will operate in backup mode “and essential, life-sustaining features will remain available.”

If you have any questions or want additional information, check out www.sjm.com/cyberupdate, or contact Abbott’s hotline at 1-800-722-3774.

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates,” the FDA notes.