Abbott Issues Software Update Amid Risk of Pacemaker Hacking

There are currently no known reports of patient harm for the 465,000 implanted devices in question, according to the FDA.

The US Food and Drug Administration (FDA) has approved a firmware update intended as a recall — more specifically, a corrective action – for Abbott (formerly St. Jude Medical) pacemakers that face a risk of cybersecurity vulnerabilities.

Pacemakers that were manufactured beginning August 28, 2017, will come pre-loaded with the new firmware and will not require updating, according to a statement.

The FDA reviewed the available information regarding the potential for cybersecurity vulnerabilities associated with the RF-enabled implantable cardiac pacemakers, confirming that, if exploited, they would allow for an unauthorized user to access the devices using commercially available equipment.

Recommendations include an in-person visit with the patient in question’s health care provider, as the update cannot be done online. The FDA and Abbott do not recommend the removal and replacement of affected pacemakers and suggest that the risks of cybersecurity be discussed between patients and their providers.

"Determine if the update is appropriate for the given patient based on the potential benefits and risks. If deemed appropriate, install the firmware update following the instructions on the programmer," the FDA stated in its release.

There are currently no known reports of patient harm for the 465,000 implanted devices in question, according to the FDA.

According to the FDA, "the update process will take approximately 3 minutes to complete. The firmware update process is described in Abbott's Dear Doctor Letter issued on August 28, 2017."

There is further information on the firmware update available online, or Abbott's hotline at 800-722-3774.

Related Coverage

The Top 10 Stories of August

Genetics May Play Role in Response to Antidepressant Therapy ​​​​