The devices affected are RF-enabled implantable pacemakers made by medical device company St. Jude Medical (Little Canada, MN), which Abbott acquired earlier this year. The fix will require as many as half a million people with the pacemakers to visit their health care provider in person to receive a software update.
Previously, the U.S. Federal Food and Drug Administration (FDA) had confirmed potential cybersecurity vulnerabilities with 465,000 St. Jude Medical devices, indicating that they could allow unauthorized users “to access a patient’s device using commercially available equipment.” Such access, says the FDA, could enable a hacker to modify an implanted pacemaker’s programming commands – potentially causing harm to a patient from rapid battery depletion or inappropriate pacing.
“Connected devices are having a significant positive impact for patients and their health,” says Robert Ford, executive vice president, Medical Devices, Abbott. “To further protect our patients, Abbott has developed new firmware with additional security measures that can be installed on our pacemakers.”
The firmware update process – which cannot be done remotely – takes about three minutes. Once installed, any device attempting to communicate with the implanted pacemaker must provide authorization to do so. The update also features a software release that includes data encryption, operating system patches, and the ability to disable network connectively features.
The update applies to the RF telemetry versions of the following pacemaker devices in the U.S.: Accent SR RF, Accent MRI, Assurity, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, and Quadra Allure MP RF. According to the FDA, “there are no known reports of patient harm related to the cybersecurity vulnerabilities in the 465,000 (US) implanted devices impacted.”
Pacemakers and electrical interference: Everyday tech a potential issue
Wireless diabetes device security standard being developed
IoT smart lock ‘bricked’ by software update
‘Internet of Trusted Things’ security startup raises $22M