FDA issues recall of 465000 St. Jude pacemakers to patch security holes

Implantable Cardiac Pacemakers by Abbott (formerly St. Jude Medical): Safety Communication - Firmware Update to Address Cybersecurity Vulnerabilities

Implantable Cardiac Pacemakers by Abbott (formerly St. Jude Medical): Safety Communication - Firmware Update to Address Cybersecurity Vulnerabilities

In particular, Abbott's pacemakers, formerly of St. Jude Medical, have been "recalled" by the US Food and Drug Administration (FDA) on a voluntary basis.

Still, even though there's not a ton of risk of having your pacemaker hacked in public, the FDA recommends that patients with the device make an appointment with their doctors to get the firmware update. Shortly thereafter, St. Jude Medical announced it would sue four entities and three individuals involved in making the allegations, the FDA launched an investigation, and the Department of Homeland Security's (DHS) Industrial Control Systems Cyber Emergency Response Team commenced an analysis.

"Because all networked medical devices are potentially vulnerable to cybersecurity threats, the FDA has been working diligently with device manufacturers and other stakeholders to ensure the benefits of medical devices to patients continue to outweigh any potential cybersecurity risks", he said in a release, calling for "multi-stakeholder engagement" in managing medical device cybersecurity risks. The firmware update will be available beginning August 29, 2017.

However, doctors have been advised by Abbott to update only if "appropriate given the risk of update for the patient". "If deemed appropriate, install the firmware update following the instructions on the programmer", the FDA stated in its release. The risks, which include reloading previous firmware due to an incomplete installation, loss of now programmed settings and loss of device functionality all occur at rates well below 1%.

Contact your Abbott representative, or Abbott's customer technical support hotline at 1‐800‐722‐3774 if you have any questions about the firmware update.

Kevin Hart, Chris Young donate to Hurricane Harvey relief efforts
Hart committed to giving $25,000 in what he's calling "the Hurricane Relief Challenge". Read on for a selection of messages from across social media.

The update is for pacemakers with radio frequency (RF) telemetry capabilities, meaning that they are wirelessly connected by radio waves for recording and transmitting the readings of the devices.

St. Jude patched the products after short-seller Muddy Waters Capital outlined the vulnerability in a report. The device will run on backup mode during the process, but all life-sustaining features will still be available.

But as a precaution, Abbott says that pacing dependent patients should be given the update in a facility where temporary pacing and a pacemaker generator are on hand.

The recall comes in the wake of a letter that the FDA sent in April to Abbott, warning the medical device maker that it must submit a plan within 15 days to address the cybersecurity vulnerabilities that were first disclosed in August 2016 in a third-party research report.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.