Almost half a million Pacemakers have been recalled by the U.S. Food and Drug Administration (FDA) due to fears that their lax cybersecurity could be hacked to run the batteries down or even alter the patient’s heartbeat.
The recall won’t see the pacemakers removed, which would be an invasive and dangerous Medical procedure for the 465,000 people who have them implanted: instead, the manufacturer has issued a firmware update which will be applied by medical staff to patch the security holes.
Six types of pacemaker, all made by healthtech firm Abbott and sold under the St Jude Medical brand, are affected by the recall. They are all radio-controlled implantable cardiac pacemakers, typically fitted to patients with slow or irregular heartbeats, as well as those recovering from heart failure.
There have been no reports of unauthorized access to any patient’s implanted device, according to Abbot. The FDA says that the vulnerability allows an unauthorized user to access a device using commercially available equipment and reprogram it. The hackers could then deliberately run the battery flat, or conduct “administration of inappropriate pacing.” Both could, in the worst case, result in the death of an affected patient.
The U.S. Department of Homeland Security said that “it is recommended that healthcare providers discuss this update with their patients and carefully consider the potential risk of a cybersecurity attack along with the risk of performing a firmware update?EU?.
Robert Ford, the executive vice president of medical devices at Abbott, said: “All industries need to be constantly vigilant against unauthorized access. This isn’t a static process, which is why we’re working with others in the healthcare sector to ensure we’re proactively addressing common topics to further advance the security of devices and systems.”
It was the second round of updates for the heart implants that Abbott has announced since buying medical device…