Home Threats FDA instructs pacemaker recall due to cyber vulnerabilities

FDA instructs pacemaker recall due to cyber vulnerabilities

The Food and Drug Administration of the United States of America recently issued an alert stating that a total of 745,000 pacemaker devices by Abbott Laboratories are vulnerable to hacks and need a firmware update. The radio-frequency enabled devices are marketed by Abbott under brand names Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure. The patients using the devices have been asked to talk to their health care providers regarding firmware update and cybersecurity vulnerabilities. The FDA revealed that 465,000 pacemakers are affected, while Abbott revealed another 280,000 affected devices.

Abbott said that hacking the pacemaker device would require a complex set of circumstances for any unauthorized access. The Department of Homeland Security supported the claims made by Abbott and said that only an attacker “with high skills” could exploit the vulnerability.

There have been no reports of patient harm until now, however, if the pacemaker is left unpatched, it could be accessed using commercially available equipment. An unauthorized user may also be able to “modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing,” according to FDA. Patients are asked to return devices not in use while those already have an implant should seek medical attention in cases of low-battery alert, FDA said.

The latest firmware update should take around three minutes and is done by placing the pacemaker close to a radio wave-emitting wand. During the process, the device operates in a backup mode and regulates the heart at 67 beats-a-minute.

This is the second instance of updates announced by Abbott since it acquired St. Jude Medical early this year. Last year, 400,000 heart devices suspected of pacing at potentially dangerous rates or failing due to premature battery depletion were recalled by St. Judy in a separate incident.