Cyber Vulnerability Affecting 745,000 Pacemakers

A total of 745,000 pacemakers have been confirmed as having cyber-security issues that could let them be hacked.

The US Food and Drug Administration (FDA) has revealed that 465,000 pacemakers in the US were affected, in an advisory note about a fix to the problem.

The flaws could be used to cause the devices to pace too quickly or run down their batteries. However, Abbott said it was not aware of any cases of this happening, adding that it would require a "highly complex set of circumstances". The Department of Homeland Security has said that an attacker would need "high skill" to exploit the vulnerabilities.

Three-Minute Fix

The affected pacemakers are branded as having been made by St Jude Medical, which was acquired by Abbot Laboratories  earlier this year.

Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment.

The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes. Pacemakers manufactured after 28 August will come with the new firmware pre-installed.

"As with any firmware update, there is a very low risk of an update malfunction," the FDA said. The regulator noted a very small number of St Jude devices had lost all functionality after a firmware update in the past.

Abbott said some patients might opt to continue with the old firmware as a consequence.

"In some cases, doctors and patients will decide that the risks that could be associated with performing the new pacemaker firmware update for some patients may outweigh the benefits," it said in a note to pacemaker users.

"If you do not receive the update, your pacemaker will continue to function as intended, and you can receive the update at any future time."

Legal Battle

The benefit of allowing the pacemakers to send and receive data wirelessly is that patients can pair them with a transmitter at home that monitors the devices as they sleep and can potentially alert them to medical problems.

A hedge fund, Muddy Waters Research, first warned the media in August 2016that the cardiac equipment had security flaws and claimed they could be exploited by "low-level hackers".

The investment company also revealed it had bet St Jude's shares would drop after it had been told of the issues by security company MedSec.

"St Jude's apparent lack of device security is egregious, and in our view, likely a product of years of neglect," Muddy Waters said at the time.

St Jude responded by saying it stood behind the security and safety of its equipment and sued its accuser for defamation.

However, shortly after Abbott bought St Jude in January, the FDA confirmed there were vulnerabilities in the company's wireless home monitor system, which were subsequently addressed.

Then, in April, the watchdog said Abbott had failed to properly investigate wider cyber-security concerns. Even so, the medical company's legal action against Muddy Waters continues.

BBC

You Might Also Read: 

8 Major Problems Healthcare CIOs Are Facing:

Medical Implants Can be Hacked:

Essentials: A Cybersecurity Strategy For Healthcare:

« What Is The Stuxnet Worm?
Essentials: A Cybersecurity Strategy For Healthcare »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Linklaters LLP

Linklaters LLP

Linklaters is an international law firm. Practice areas include Information Management and Data Protection.

Red Hat

Red Hat

Red Hat is a leader in open source software development. Our software security team proactively identifies weaknesses before they become problems.

ICSA Labs

ICSA Labs

ICSA Labs provides third-party testing and certification of IT security software and products, as well as network-connected devices.

Beyond Security

Beyond Security

Beyond Security is a leader in automated vulnerability assessment and compliance solutions - enabling customers to accurately assess and manage security weaknesses in their networks and applications.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

Secude

Secude

SECUDE is an established global security solutions provider offering innovative data protection for SAP users.

IT Security Jobs

IT Security Jobs

IT Security Jobs is a dedicated portal for everything related to IT professionals looking for IT Security jobs.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

High Security Center (HSC)

High Security Center (HSC)

High Security Center provide real-time threat protection. We protect your company from targeted and persistent attacks using technologies such as Machine Learning and Behavioral Analysis.

ChaosSearch

ChaosSearch

ChaosSearch is a massively scalable ELK-compatible log analysis platform delivered as a fully managed service with high-performance and low cost.

Noetic Cyber

Noetic Cyber

Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, and optimize their cybersecurity posture.

MTI

MTI

MTI is a solutions and service provider, specialising in data & cyber security, datacentre modernisation, modern workplace, IT managed services and IT transformation services.

Our IT Department

Our IT Department

Our IT Department Limited is a leading IT services organisation that was founded to provide premium IT support services and the latest technology solutions.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.