FDA issues recall on Abbott’s cardiac pacemakers due to hacking risk
On August 29, 2017, the U.S. Food and Drug Administration (USDA) issued a recall on 465,000 Abbott’s (formerly St. Jude Medical’s) implantable cardiac pacemakers. This recall was issued due to a software update that could potentially allow an unauthorized party to quickly deplete the device’s battery or adjust heart rates.
The FDA stated that with any software update, there is a “very low risk” of malfunction, however, the new firmware update requires patients to visit their doctors in-person, instead of using Merlin.net at home. The update process takes roughly 3 minutes to complete. The FDA does not recommend having the devices removed the update. The vulnerability is low and there have been no reported attacks as of now.
The FDA recommends the following for patients and caregivers:
- ” Consult with your physician(s) for determining when you should receive the update and if you have any questions or concerns about the vulnerabilities or the update. Your ongoing medical management should be based on your own medical history and clinical condition.
- Visit www.sjm.com/cyberupdate, or contact Abbott’s hotline at 1-800-722-3774 for additional information, or if you have any questions or issues regarding your St. Jude Medical implantable cardiac pacemaker.”
Source: U.S. Food & Drug Administration
To read the official recall and view a list of all devices addressed, visit Firmware Update to Address Cybersecurity Vulnerabilities Identified in Abbott’s (formerly St. Jude Medical’s) Implantable Cardiac Pacemakers: FDA Safety Communication
If you suspect or experience a problem with these devices, we encourage you to file a voluntary report through MedWatch, the FDA Safety Information and Adverse Event Reporting program