Cyber Vulnerability Affecting 745,000 Pacemakers

A total of 745,000 pacemakers have been confirmed as having cyber-security issues that could let them be hacked.

The US Food and Drug Administration (FDA) has revealed that 465,000 pacemakers in the US were affected, in an advisory note about a fix to the problem.

The flaws could be used to cause the devices to pace too quickly or run down their batteries. However, Abbott said it was not aware of any cases of this happening, adding that it would require a "highly complex set of circumstances". The Department of Homeland Security has said that an attacker would need "high skill" to exploit the vulnerabilities.

Three-Minute Fix

The affected pacemakers are branded as having been made by St Jude Medical, which was acquired by Abbott Laboratories earlier this year.

Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment.

The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes. Pacemakers manufactured after 28 August will come with the new firmware pre-installed.

"As with any firmware update, there is a very low risk of an update malfunction," the FDA said. The regulator noted a very small number of St Jude devices had lost all functionality after a firmware update in the past.

Abbott said some patients might opt to continue with the old firmware as a consequence.

"In some cases, doctors and patients will decide that the risks that could be associated with performing the new pacemaker firmware update for some patients may outweigh the benefits," it said in a note to pacemaker users.

"If you do not receive the update, your pacemaker will continue to function as intended, and you can receive the update at any future time."

Legal Battle

The benefit of allowing the pacemakers to send and receive data wirelessly is that patients can pair them with a transmitter at home that monitors the devices while the patients sleep and can potentially alert them to medical problems.

A hedge fund, Muddy Waters Research, first warned the media in August 2016 that the cardiac equipment had security flaws and claimed they could be exploited by "low-level hackers".

The investment company also revealed it had bet St Jude's shares would drop after it had been told of the issues by security company MedSec.

"St Jude's apparent lack of device security is egregious, and in our view, likely a product of years of neglect," Muddy Waters said at the time.

St Jude responded by saying it stood behind the security and safety of its equipment and sued its accuser for defamation.

However, shortly after Abbott bought St Jude in January, the FDA confirmed there were vulnerabilities in the company's wireless home monitor system, which were subsequently addressed.

Then, in April, the watchdog said Abbott had failed to properly investigate wider cyber-security concerns. Even so, the medical company's legal action against Muddy Waters continues.

BBC
