Cyber Vulnerability Affecting 745,000 Pacemakers

A total of 745,000 pacemakers have been confirmed as having cyber-security issues that could let them be hacked.

The US Food and Drug Administration (FDA) has revealed that 465,000 pacemakers in the US were affected, in an advisory note about a fix to the problem.

The flaws could be used to cause the devices to pace too quickly or run down their batteries. However, Abbott said it was not aware of any cases of this happening, adding that it would require a "highly complex set of circumstances". The Department of Homeland Security has said that an attacker would need "high skill" to exploit the vulnerabilities.

Three-Minute Fix

The affected pacemakers are branded as having been made by St Jude Medical, which was acquired by Abbot Laboratories  earlier this year.

Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment.

The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes. Pacemakers manufactured after 28 August will come with the new firmware pre-installed.

"As with any firmware update, there is a very low risk of an update malfunction," the FDA said. The regulator noted a very small number of St Jude devices had lost all functionality after a firmware update in the past.

Abbott said some patients might opt to continue with the old firmware as a consequence.

"In some cases, doctors and patients will decide that the risks that could be associated with performing the new pacemaker firmware update for some patients may outweigh the benefits," it said in a note to pacemaker users.

"If you do not receive the update, your pacemaker will continue to function as intended, and you can receive the update at any future time."

Legal Battle

The benefit of allowing the pacemakers to send and receive data wirelessly is that patients can pair them with a transmitter at home that monitors the devices as they sleep and can potentially alert them to medical problems.

A hedge fund, Muddy Waters Research, first warned the media in August 2016that the cardiac equipment had security flaws and claimed they could be exploited by "low-level hackers".

The investment company also revealed it had bet St Jude's shares would drop after it had been told of the issues by security company MedSec.

"St Jude's apparent lack of device security is egregious, and in our view, likely a product of years of neglect," Muddy Waters said at the time.

St Jude responded by saying it stood behind the security and safety of its equipment and sued its accuser for defamation.

However, shortly after Abbott bought St Jude in January, the FDA confirmed there were vulnerabilities in the company's wireless home monitor system, which were subsequently addressed.

Then, in April, the watchdog said Abbott had failed to properly investigate wider cyber-security concerns. Even so, the medical company's legal action against Muddy Waters continues.

BBC

You Might Also Read: 

8 Major Problems Healthcare CIOs Are Facing:

Medical Implants Can be Hacked:

Essentials: A Cybersecurity Strategy For Healthcare:

« What Is The Stuxnet Worm?
Essentials: A Cybersecurity Strategy For Healthcare »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Logicalis

Logicalis

Logicalis are a leading provider of global IT solutions and managed services.

Paramount Computer Systems

Paramount Computer Systems

Paramount is a regional leader in the Middle East for cybersecurity solutions and consulting services.

Patchstack

Patchstack

Patchstack (formerly WebARX) is a web application security platform, which allows digital agencies and developers to monitor, protect and maintain their websites.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

Digittrade

Digittrade

Digittrade develop and produce external encrypted hard disks and secure communications apps.

TCN

TCN

TCN is an advanced System Integrator and Infrastructure Company in Albania.

Matrix42

Matrix42

Matrix42 software for digital workspace experience manages devices, applications, processes and services simple, secure and compliant.

T-REX

T-REX

T-REX is a coworking space, technology incubator, and entrepreneur resource center for technology startups.

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

DeepSeas

DeepSeas

DeepSeas is the result of a merger between Security On-Demand (SOD) and the commercial Managed Threat Services (MTS) business of Booz Allen Hamilton.

Inspectiv

Inspectiv

Inspectiv offers a turn-key solution to continuously identify security vulnerabilities and provide security assurance.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services and solutions including cybersecurity.

PointWire

PointWire

PointWire offers a range of cybersecurity solutions and services including Penetration Testing on various levels, as well as Intrusion Detection and Prevention Systems.

Prescott

Prescott

Prescott acts as your guiding light in the preparation for your CMMC assessment and long after by governing your cybersecurity practice.

Teal

Teal

Teal provides exceptional managed IT solutions for small- to medium-sized organizations that value real partnerships and elevated security.