The U.S. Food and Drug Administration (FDA) recalled approximately 465,000 pacemakers this week after concerns started to grow over the devices vulnerability to hacking.
The recall, announced on Tuesday, is not intended to remove the pacemakers as that would be not only invasive but would also put the patient at serious risk since medical procedures involving pacemakers are often complex; rather, the manufacturer created a new firmware update that medical professionals can apply to the patient.
“Six types of pacemaker, all made by healthtech firm Abbott and sold under the St Jude Medical brand, are affected by the recall,” The Guardian reported.
The FDA stated the pacemakers, which contain configurable embedded computer systems, are vulnerable to potential hacking:
The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s RF-enabled implantable cardiac pacemakers and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user (i.e. someone other than the patient’s physician) to access a patient’s device using commercially available equipment. This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.
So far there have not been any reported cases of hacked pacemakers nor have any patients been harmed out of the 465,000 pacemakers that have cyber security vulnerabilities.
St. Jude previously refuted the claim that their pacemaker was vulnerable to hacking when chief technology officer Phil Ebeling called the allegations “absolutely untrue.”
The FDA released a separate report in January 2017 that indicated that other cardiac devices, specifically “St. Jude Medical’s Merlin@home Transmitter,” was vulnerable to cyber intrusions.