A hacker hacking someone’s pacemaker sounds like something that could only happen in a science fiction movie, doesn’t it? Unfortunately, that reality may be a little too close for comfort. Last month the U.S. Food and Drug Administration (FDA) announced a voluntary recall of 465,000 pacemakers for the potential to be hacked, according to Fortune. The recall raises concerns of how internet-connected medical devices can ensure patient safety.
The devices, which provide pacing for slow or irregular heart rhythms, contain “configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” according to the FDA alert. RF-enabled St. Jude Medical implantable cardiac pacemaker, now manufactured by Abbott, affected by the recall include: Accent, Anthem, Accent MRI, Accent ST, Assurity and Allure.
The FDA has confirmed vulnerabilities could, if exploited, allow someone other than the patient’s doctor to modify programming, “which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.” However, no harm had been reported at the time of the recall alert.
To address the cybersecurity issues threatening the pacemakers, the company has developed a firmware update as a corrective action. After this update, any device trying to communicate with the pacemaker would have to provide authorization. It was available at the beginning of September and devices manufactured after Aug. 28 had the update preloaded.
This recall does not recommend the pacemakers be removed or replaced due to the issue, and the FDA advises discussing when to receive the update with a physician.