The US Food and Drug Administration (FDA) has just issued an advisory note recalling 465,000 radio-controlled implantable cardiac pacemakers because of fears they could be hacked into. According to the BBC, Abbott, the manufacturer of the faulty pacemakers, has admitted that there could be a further 280,000 devices affected.
MedSec, a cyber security watchdog specializing in medical equipment, discovered that vulnerabilities in the pacemakers' software left them vulnerable to hackers. It effectively means that anyone with some hacking know-how and the right equipment could access one of these devices. If they had particularly dark intentions, they might drain its battery or meddle with the patient's heartbeat. This is quite clearly dangerous and, in the worst case scenario, could be fatal. So far, there have been no reports of unauthorized access.
Luckily, any patient fitted with one of the pacemakers affected will not have to have them removed and replaced, which can be invasive and time-consuming. Instead, Abbott has released a firmware update that will patch up the cyber security vulnerabilities. A medical professional will be able to upload this update in just 3 minutes. Once installed, any device that tries to contact the pacemaker will need authorization. All pacemakers made from August 28 will have this update already in place.
“Abbott's recommendation, and that of its Cyber Security Medical Advisory Board, is that patients have a conversation with their physician to determine if the update is right for them," Abbott said in a statement.
The FDA explains on its website that "any medical device connected to a communications network (e.g. Wi-Fi, public or home Internet) may have cyber security vulnerabilities that could be exploited by unauthorized users." However, it still advises patients that "the increased use of wireless technology and software in medical devices can also often offer safer, more efficient, convenient, and timely health care delivery."
The FDA states that it "takes reports of vulnerabilities in medical devices very seriously and has issued recommendations to manufacturers for continued monitoring, reporting, and remediation of medical device cyber security vulnerabilities."
So, as suggested, if you think your pacemaker may be affected, or you are concerned, it is always best to check with your doctor. As the adage goes, better safe than sorry.