Abbott Issues Software Update Amid Risk of Pacemaker Hacking

Lucy Hill
August 31, 2017

"As medical devices become increasingly interconnected via the internet, hospital networks, other medical devices and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a device operates", the FDA said in a safety communication Tuesday. The firmware update is meant to fix a cybersecurity weakness that allowed hackers to affect the battery life and pacing of 465,000 devices implanted in patients in the U.S.

To view the full article, register now.

While the FDA has characterized the corrective action to address the vulnerabilities as a "voluntary recall" by the manufacturer, the Abbott spokeswoman stresses that neither the company nor the FDA is not recommending the "prophylactic removal and replacement of affected devices".

Medical device maker Abbott on Monday announced it is voluntarily recalling some 465,000 pacemakers to install a firmware update to patch cybersecurity vulnerabilities in the devices.

Abbott has released a software security update to protect its cardiac pacemakers from hacking.

Users will need an in-patient update with their healthcare provider, taking just three minutes.

The FDA signed off on the update last week, clearing healthcare providers to start moving their patients over to the new firmware. The risks, which include reloading previous firmware due to an incomplete installation, loss of now programmed settings and loss of device functionality all occur at rates well below 1%.

Amazon adds multiroom audio control to Echo devices
Also announced today is Amazon's Connected Speaker APIs , which will let you use Alexa to control connected audio systems. It'll also have better sound technology, thanks to several tweeters, and better microphone technology.

The patch comes eight months after Abbott released an update meant to fix a vulnerability with the device now providing pacemaker authorization, namely Merlin@home Transmitter.

Doctors will now get a warning should batteries run to dangerously low levels thanks to the new software updates.

Discuss the risks and benefits of the cybersecurity vulnerabilities and associated firmware update with your patients at the next regularly scheduled visit.

However, the FDA warned of a potential - but very small - update failure which could result in: reloading of the previous firmware version; loss of programmed settings; loss of diagnostic data; or complete loss of device functionality.

The FDA issued a notice in January saying the devices were vulnerable to cybersecurity attacks that might allow a third party to control them remotely.

The update is part of Merlin@home v8.2.2, but pacemakers manufactured from 28 August will already contain the security patch.

For pacing dependent patients, consider performing the cybersecurity firmware update in a facility where temporary pacing and pacemaker generator can be readily provided.

Other reports by TheDailyFarc

Discuss This Article