FDA issues unprecedented recall for 465,000 hackable pacemakers
In an unprecedented move, the U.S. Food and Drug Administration has issued a voluntary recall notice for 465,000 pacemakers sold by Abbott Laboratories Inc., the medical device maker previously known as St. Jude Medical Inc.
Because swapping a pacemaker isn’t as simple as visiting a store and obtaining a new device over the counter, the recall requests that those with pacemakers made by the company visit their doctors for a firmware update. The new firmware has been made available to “reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities,” or put more simply, to prevent the pacemakers from getting hacked.
Potential security issues with pacemakers were first identified back in 2013. More recently, it has been discovered that the devices are often full of vulnerable code, which leaves them open not only to being hacked but also, potentially, to being used to kill the user. In 2016, the FDA released a set of recommendations for how device manufacturers should protect the security of Internet-connected medical devices.
The fundamental problem with modern pacemakers is that they employ remote access technology to allow a physician to monitor them without the need to physically access the device inside the user. With that wireless access, which can take the form of RF or WiFi, anyone within range could potentially connect to the pacemaker and cause trouble.
In the case of these specific pacemakers, the FDA said in a statement that vulnerabilities in St. Jude Medical’s RF-enabled implantable cardiac pacemakers could allow an unauthorized user to access a patient’s device using commercially available equipment. “This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing,” the agency added.
The pacemakers affected by the recall include models using the names Accent, Anthem, Accent MRI, Accent ST, Assurity and Allure. The process for a physician to update the firmware is supposed to take only three minutes, but the update does present a small chance of causing issues itself. The FDA noted that in less than 1 percent of updates, data may be lost and that there is a 0.003 percent chance that the firmware update may cause the pacemaker to cease working altogether.
Photo: Steven Fruitsmaak/Wikimedia Commons