Pacemaker patched... one year after critical flaws reported

Posted August 31, 2017

The Food and Drug Administration announced today that 465,000 pacemakers installed in the United States have a security vulnerability that could be exploited to make the device operate too quickly or deplete its batteries, and these devices need firmware updates to keep them from getting hacked.

RECOMMENDATIONS: The firmware update requires an in-person patient visit with a health care provider - it can not be done from home via Merlin.net.

The FDA notes that on August 23, it approved the firmware update "that is now available and is intended as a recall, specifically a corrective action, to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities for certain Abbott pacemakers". It appeared possible, for example, that unauthorized persons could use radio signals to reprogram the devices to deliver inappropriate pacing or rapidly drain the battery. Abbott Laboratories plans to incorporate the software updates to any new devices prior to them going on sell. Shortly thereafter, St. Jude Medical announced it would sue four entities and three individuals involved in making the allegations, the FDA launched an investigation, and the Department of Homeland Security's (DHS) Industrial Control Systems Cyber Emergency Response Team commenced an analysis. But the FDA was concerned that the risk was real enough to warrant a fix.

More news: Ajay Devgn did not STORM out of TKSS sets in anger

It recommended patients with implanted pacemakers to talk with their physicians to determine if the update is right for them.

The firmware update process is described in Abbott's Dear Doctor Letter issued on August 28, 2017.

Unfortunately, installing the firmware update can result in a failure to update altogether, the loss of programmed settings, the loss of diagnostic data, as well as a very small risk - 0.003 percent - of complete functionality loss. The FDA noted there are no known cases of patients being harmed because of the cybersecurity issue.

More news: Trump arrives in Texas as two Houston reservoirs overflow

The organizations looked into the matter after short seller Muddy Waters published a report claiming the devices were easy to hack.

But as a precaution, Abbott says that pacing dependent patients should be given the update in a facility where temporary pacing and a pacemaker generator are on hand. During this time, the device will operate in backup mode. and essential, life-sustaining features will remain available.

"These planned updates further strengthen the security and device management tools for our connected cardiac rhythm management devices", Abbott spokeswoman Candace Steele Flippin said via e-mail.

More news: Gas Prices Hit 2 Year High as 'Harvey' Disrupts Gulf Coast Refineries