SecureWorld News

Implanted Pacemakers Recalled After FDA Cybersecurity Review

Written by SecureWorld News Team | Wed | Aug 30, 2017 | 2:44 PM Z

This story may hit you right in the heart.

Especially if your heartbeat is helped by one of 465,000 implanted cardiac pacemakers being recalled because a hacker could take control of it.

A new FDA statement spells out the specifics in simple terms:

"Many medical devices—including St. Jude Medical's implantable cardiac pacemakers—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits. As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.

The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical's RF-enabled implantable cardiac pacemakers and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user (i.e. someone other than the patient's physician) to access a patient's device using commercially available equipment. This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing." 

In other words, there could be fatal consequences if someone commandeers one of these devices and changes what are currently life-saving settings.

Cardiac pacemaker recall, do they need to be removed?

According to a statement by Abbott, now the owner of St. Jude Medical, the pacemaker recall does not require removal of the devices; instead, they need a firmware update that takes just a few minutes at your doctor's office.

"The update contains a software release that includes data encryption, operating system patches, and the ability to disable network connectively features, in addition to the firmware update," the company says.

According to Abbott, the pacemaker devices to which this update applies include the RF telemetry versions of the following devices in the U.S.: Accent SR RF™, Accent MRI™, Assurity™, Assurity MRI™, Accent DR RF™, Anthem RF™, Allure RF™, Allure Quadra RF™, and Quadra Allure MP RF™.

Cardiac pacemakers are tiny devices implanted under the skin in the upper chest area and have connecting insulated wires called "leads" that go into the heart.

They save lives—as long as they remain in the control of you and your doctor.