Software Update Issued by Abbott Amid Risk of Pacemaker Hacking

The US Food and Drug Administration (FDA) has approved a firmware update issued originally as a recall, now as a corrective action, for Abbott (formerly St. Jude Medical) pacemakers that are considered at risk for cybersecurity vulnerabilities.

Pacemakers not included in that designation are those that were manufactured beginning August 28, 2017. All pacemakers from then onward will have the new firmware preloaded and will not need to be updated, according to a statement.

There are currently no known reports of patient harm for the 465,000 implanted devices in question, according to the FDA.

After reviewing the available information involving the potential for cybersecurity vulnerabilities associated with the RF-enabled implantable cardiac pacemakers, the FDA confirmed that if exploited, the current firmware could allow for unauthorized users to access the devices with commercially available equipment.

"Determine if the update is appropriate for the given patient based on the potential benefits and risks. If deemed appropriate, install the firmware update following the instructions on the programmer," the FDA stated in its release.

Other recommendations include an in-person visit with the patient in question’s health care provider, as the update cannot be done online. The FDA and Abbott do not recommend the removal and replacement of affected pacemakers and suggest that the risks of cybersecurity be discussed between patients and their providers.

According to the FDA, "the update process will take approximately 3 minutes to complete. The firmware update process is described in Abbott's Dear Doctor Letter issued on August 28, 2017."

There is further information on the firmware update available online at Abbott's website or Abbott's hotline at 800-722-3774.