Cyber Vulnerability Affecting 745,000 Pacemakers

A total of 745,000 pacemakers have been confirmed as having cyber-security issues that could let them be hacked.

The US Food and Drug Administration (FDA) has revealed that 465,000 pacemakers in the US were affected, in an advisory note about a fix to the problem.

The flaws could be used to cause the devices to pace too quickly or run down their batteries. However, Abbott said it was not aware of any cases of this happening, adding that it would require a "highly complex set of circumstances". The Department of Homeland Security has said that an attacker would need "high skill" to exploit the vulnerabilities.

Three-Minute Fix

The affected pacemakers are branded as having been made by St Jude Medical, which was acquired by Abbot Laboratories  earlier this year.

Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment.

The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes. Pacemakers manufactured after 28 August will come with the new firmware pre-installed.

"As with any firmware update, there is a very low risk of an update malfunction," the FDA said. The regulator noted a very small number of St Jude devices had lost all functionality after a firmware update in the past.

Abbott said some patients might opt to continue with the old firmware as a consequence.

"In some cases, doctors and patients will decide that the risks that could be associated with performing the new pacemaker firmware update for some patients may outweigh the benefits," it said in a note to pacemaker users.

"If you do not receive the update, your pacemaker will continue to function as intended, and you can receive the update at any future time."

Legal Battle

The benefit of allowing the pacemakers to send and receive data wirelessly is that patients can pair them with a transmitter at home that monitors the devices as they sleep and can potentially alert them to medical problems.

A hedge fund, Muddy Waters Research, first warned the media in August 2016that the cardiac equipment had security flaws and claimed they could be exploited by "low-level hackers".

The investment company also revealed it had bet St Jude's shares would drop after it had been told of the issues by security company MedSec.

"St Jude's apparent lack of device security is egregious, and in our view, likely a product of years of neglect," Muddy Waters said at the time.

St Jude responded by saying it stood behind the security and safety of its equipment and sued its accuser for defamation.

However, shortly after Abbott bought St Jude in January, the FDA confirmed there were vulnerabilities in the company's wireless home monitor system, which were subsequently addressed.

Then, in April, the watchdog said Abbott had failed to properly investigate wider cyber-security concerns. Even so, the medical company's legal action against Muddy Waters continues.

BBC

You Might Also Read: 

8 Major Problems Healthcare CIOs Are Facing:

Medical Implants Can be Hacked:

Essentials: A Cybersecurity Strategy For Healthcare:

« What Is The Stuxnet Worm?
Essentials: A Cybersecurity Strategy For Healthcare »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

SERMA Safety & Security (S3)

SERMA Safety & Security (S3)

SERMA Safety & Security provides a comprehensive cybersecurity offering incorporating Expertise, Evaluation, Consultancy and Training, covering hardware, software and information systems.

Crossmatch

Crossmatch

Crossmatch is a world leader in risk-based composite authentication and biometric identity management.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

Maximus Consulting (MX)

Maximus Consulting (MX)

Maximus designs and delivers corporate-wide information security management system with our full-time IRCA Accredited consulting team.

SkillCube

SkillCube

SkillCube is one of the pioneers in India focusing on Cyber Security Skill Development Solutions.

Conviso

Conviso

Conviso is a consulting company specialized in Application Security and Security Research.

Archivo

Archivo

Archivo is a value added reseller focused on Disaster Recovery as a Service (DRaaS), backup, hyper-convergence, hybrid storage and Cyber security.

RCMP National Cybercrime Coordination Unit (NC3)

RCMP National Cybercrime Coordination Unit (NC3)

As set out in the Government of Canada's National Cyber Security Strategy, the RCMP has established the National Cybercrime Coordination Unit (NC3).

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

Energia Ventures

Energia Ventures

Energia Ventures is a three-month intensive accelerator for entrepreneurs with an innovative business in the energy, smart grid, cleantech, and cybersecurity sectors.

DataEndure

DataEndure

DataEndure helps companies build digital resilience so that their critical information assets are protected and available to the right people, at the right time.

ARIA Cybersecurity Solutions

ARIA Cybersecurity Solutions

The ARIA ADR Automatic Detection & Response solution was designed to find, verify, and stop all types of attacks - automatically and in real time.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.