Pacemakers get update after security flaw found

There have been no known attacks using the flaw, with a firmware update now being rolled out

Three-quarters of a million pacemakers have a vulnerability that could let hackers access the implanted equipment, running down the battery or meddling with the pacing.

The US Food and Drug Administration (FDA) issued a warning that anyone with a specific model of radio frequency-enabled pacemaker from manufacturer Abbott needs to visit a medical professional to have the firmware updated.

Advertisement - Article continues below

There are no reports of the flaws being used to hack a pacemaker, the FDA and Abbott stressed. "There are no known reports of patient harm related to the cybersecurity vulnerabilities in the 465,000 (US) implanted devices impacted," the alert said. Alongside the half million pacemakers in use in the US, the company told the BBC that there were a further 280,000 used in other countries. 

The firmware update highlights the issues raised by connecting everything from home appliances to medical equipment to the internet, although the latter could have much more serious repercussions. Abbott stressed that security affects all industries and noted its devices were having a "significant positive impact for patients and their health".

Unlike other industries, medical updates are complicated as they need to be approved by the FDA first, to ensure code doesn't brick the hardware not unheard of with other smart devices that receive updates.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The FDA has approved the firmware update, but it can't be installed over-the-air, requiring patients to visit their doctors. "The update process will take approximately three minutes to complete," the alert notes. "During this time, the device will operate in backup mode (pacing at 67 beats per minute), and essential, life-sustaining features will remain available."

The alert warns that there's a tiny risk of losing data or settings, but it's below 1%. However, it warned that the update should be run for patients dependent on the device at a facility that can offer temporary cardiac pacing in case of any failures.

The firmware isn't only patching the vulnerabilities, Abbot said, but boosting security via encryption and network connectivity management tools. "To further protect our patients, Abbott has developed new firmware with additional security measures that can be installed on our pacemakers," said Robert Ford, executive vice president of medical devices at Abbott, in a statement.

Advertisement - Article continues below

It isn't clear why the update is being rolled out. Abbott said it was "scheduled" while the FDA said it had "reviewed information concerning potential cybersecurity vulnerabilities," but didn't say where the information came from. 

The warning applies to a specific set of devices made by Abbott, formerly known as St Jude Medical. The FDA alert has the full details here.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Visit/security/34616/the-top-password-cracking-techniques-used-by-hackers
Security

The top 12 password-cracking techniques used by hackers

12 Jun 2020