Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Firmware upgrade released following pacemaker hack concerns
SECURITY

Firmware upgrade released following pacemaker hack concerns 

Meanwhile, Health Canada said that it will take about 75 days for it to decide on whether it will approve the firmware update.

The United States Food and Drug Administration issued a bulletin on Aug. 29 warning physicians, patients, and caregivers of patients with radio frequency (RF)-enabled St. Jude Medical implanted pacemakers. The FDA said the devices can be “vulnerable to intrusion and exploits.”

The devices addressed in this communication from the FDA, are the following St. Jude Medical pacemaker and CRT-P devices:

  • Accent
  • Anthem
  • Accent MRI
  • Accent ST
  • Assurity
  • Allure

The FDA said there are 465,000 pacemakers affected by the vulnerability in the U.S. Another 280,000 affected pacemakers are located in other countries.

The warning does not apply to any implantable cardiac defibrillators (ICDs) or to cardiac resynchronization ICDs (CRT-Ds).

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates,” the FDA warned. “The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s RF-enabled implantable cardiac pacemakers and has confirmed that these vulnerabilities if exploited, could allow an unauthorized user (i.e. someone other than the patient’s physician) to access a patient’s device using commercially available equipment.”

According to the federal agency, the vulnerability could be used to modify programming commands to the pacemaker causing the device to rapidly deplete its battery or administer inappropriate pacing.

On Tuesday, the St. Jude Web Medical Web site said Abbott has “planned update to pacemaker firmware (a kind of software) adds additional security protections designed to reduce the risk of unauthorized access to patients’ pacemakers.”

“The update contains a software release that includes data encryption, operating system patches, and the ability to disable network connectively features, in addition to the firmware update,” according to St Jude Medical.

The company also said that pacemakers built beginning Aug. 28, 2017, will have this update preloaded and will not need to be updated.

“Health Canada takes the health and safety of Canadians very seriously. The device in question meets stringent Health Canada requirements for safety and effectiveness,” Eric Morrissette, head of media relations at Health Canada, told the CBC. He said Health Canada is expediting its review of the application and will reach a decision before its target date of 75 days.

A doctor at the St. Michael’s Hospital in Toronto told CBC said he is not troubled that the firmware update is not yet available in Canada.

Dr. Paul Dorian, a cardiac electrophysiologist, described as a “vanishing small” risk the possibility of the pacemakers being cyber attacked.

Related posts