Abbott Recalls 465000 Pacemakers for Cybersecurity Patch

Abbott Recalls 465000 Pacemakers for Cybersecurity Patch

Abbott Recalls 465000 Pacemakers for Cybersecurity Patch

Pharmaceutical company Abbott Laboratories (ABT) has made updates to its implantable pacemakers and defibrillators in conjunction with its ongoing efforts to boost patient safety, and prevent the devices from external hackers.

RECOMMENDATIONS: The firmware update requires an in-person patient visit with a health care provider - it can not be done from home via Merlin.net.

According to the FDA, "the update process will take approximately 3 minutes to complete".

The FDA notes that on August 23, it approved the firmware update "that is now available and is intended as a recall, specifically a corrective action, to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities for certain Abbott pacemakers".

The devices must be given a firmware update to protect them against a set of critical vulnerabilities, first reported by MedSec, which could drain pacemaker battery life, allow attackers to change programmed settings, or even change the beats and rhythm of the device. Neither organization recommends the prophylactic removal of the devices.

"To address these cybersecurity vulnerabilities and improve patient safety, [Abbott subsidiary] St. Jude Medical has developed and validated this firmware update as a corrective action for all of their RF-enabled pacemaker devices".

"Determine if the update is appropriate for the given patient based on the potential benefits and risks", the FDA instructs.

Death toll from Barcelona terror attack rises to 16
The number of people killed in twin vehicle attacks in Spain last week rose to 16 today, local authorities in Barcelona said. Just hours later there was a similar attack in the seaside resort of Cambrils, about 70 miles southwest of Barcelona .

"These planned updates further strengthen the security and device management tools for our connected cardiac rhythm management devices", Hamilton said.

However, doctors have been advised by Abbott to update only if "appropriate given the risk of update for the patient".

And although there have been no reports of actual harm to patients due to hackers exploiting the vulnerabilities in the devices, "that number can go from zero to a lot of patients quickly" if hackers decide to launch attacks, Corman warns.

BACKGROUND: Many medical devices - including St. Jude Medical's implantable cardiac pacemakers - contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits.

But as a precaution, Abbott says that pacing dependent patients should be given the update in a facility where temporary pacing and a pacemaker generator are on hand.

The agency says the firmware update requires an in-person visit with a healthcare provider; the devices can not be updated from home.

"If we do find them, we could look at it as a reason not trust the devices, or we could look at it like we're going from a mode of silent failures to one where we're starting the process to inform smarter and better designs", Corman said.

Related news