Once the hacker has control, they can rapidly deplete the battery or alter the pacing, putting the health of patients who rely on their pacemakers at risk.
Pacemakers that were manufactured beginning August 28, 2017, will come pre-loaded with the new firmware and will not require updating, according to a statement.
Abbott has released a software security update to protect its cardiac pacemakers from hacking. Based on Abbott's data, there's a 0.161 percent chance the update reloads old firmware due to an incomplete update; a 0.023 percent chance that the update will wipe programmed device settings; a not reported chance of loss of diagnostic data; and a 0.003 percent chance the device becomes bricked.
The FDA reviewed the available information regarding the potential for cybersecurity vulnerabilities associated with the RF-enabled implantable cardiac pacemakers, confirming that, if exploited, they would allow for an unauthorized user to access the devices using commercially available equipment.
However, shortly after Abbott bought St Jude in January, the FDA confirmed there were vulnerabilities in the company's wireless home monitor system, which were subsequently addressed. Neither organization recommends the prophylactic removal of the devices.
Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment.
"FDA reminds patients, patient caregivers and healthcare providers any medical device connected to a communications network may have cybersecurity vulnerabilities that could be exploited by unauthorized users", officials said. There is a very low risk of an update malfunction during the process, including reloading of a previous firmware version due to incomplete data, a loss of now programmed device settings, or a loss of device functionality, the FDA said.
The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes.
"For pacing dependent patients, consider performing the cybersecurity firmware update in a facility where temporary pacing and pacemaker generator can be readily provided", according to the alert.
The critical firmware flaws came to light a year ago in an advisory that was sponsored by an investment that was betting against the stock of St. Jude, which was formally acquired by Abbott Laboratories in January.
Contact your Abbott representative, or Abbott's customer technical support hotline at 1‐800‐722‐3774 if you have any questions about the firmware update.