U.S. Food and Drug Administration (FDA) has announced the recall of 465,000 cardiac pacemakers produced by Abbott for security update installation. The update patches cybersecurity vulnerabilities in the devices’ firmware.
Analysis has demonstrated that these vulnerabilities could allow an unauthorized user (i.e., someone other than the patient’s physician) to access a patient’s pacemaker using commercially available equipment. Such access could be used to modify programming commands to the implanted device, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.
Although there are no known reports of patient harm related to the exploitation of these vulnerabilities, installing the update is recommended to ensure patient safety.
Installation takes about three minutes to complete and does not require replacing or turning off the device. It can be performed during a regularly scheduled physician office visit.