Cyber Vulnerability Affecting 745,000 Pacemakers

A total of 745,000 pacemakers have been confirmed as having cyber-security issues that could let them be hacked.

The US Food and Drug Administration (FDA) has revealed that 465,000 pacemakers in the US were affected, in an advisory note about a fix to the problem.

The flaws could be used to cause the devices to pace too quickly or run down their batteries. However, Abbott said it was not aware of any cases of this happening, adding that it would require a "highly complex set of circumstances". The Department of Homeland Security has said that an attacker would need "high skill" to exploit the vulnerabilities.

Three-Minute Fix

The affected pacemakers are branded as having been made by St Jude Medical, which was acquired by Abbott Laboratories earlier this year.

Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment.

The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes. Pacemakers manufactured after 28 August will come with the new firmware pre-installed.

"As with any firmware update, there is a very low risk of an update malfunction," the FDA said. The regulator noted a very small number of St Jude devices had lost all functionality after a firmware update in the past.

Abbott said some patients might opt to continue with the old firmware as a consequence.

"In some cases, doctors and patients will decide that the risks that could be associated with performing the new pacemaker firmware update for some patients may outweigh the benefits," it said in a note to pacemaker users.

"If you do not receive the update, your pacemaker will continue to function as intended, and you can receive the update at any future time."

Legal Battle

The benefit of allowing the pacemakers to send and receive data wirelessly is that patients can pair them with a transmitter at home that monitors the devices as they sleep and can potentially alert them to medical problems.

A hedge fund, Muddy Waters Research, first warned the media in August 2016 that the cardiac equipment had security flaws and claimed they could be exploited by "low-level hackers".

The investment company also revealed it had bet St Jude's shares would drop after it had been told of the issues by security company MedSec.

"St Jude's apparent lack of device security is egregious, and in our view, likely a product of years of neglect," Muddy Waters said at the time.

St Jude responded by saying it stood behind the security and safety of its equipment and sued its accuser for defamation.

However, shortly after Abbott bought St Jude in January, the FDA confirmed there were vulnerabilities in the company's wireless home monitor system, which were subsequently addressed.

Then, in April, the watchdog said Abbott had failed to properly investigate wider cyber-security concerns. Even so, the medical company's legal action against Muddy Waters continues.

BBC

