Thousands of Aussies may have pacemakers vulnerable to hackers: Report

UPDATE: On September 4, Abbott said it was working closely with Australia’s Therapeutic Goods Administration (TGA), which has classified the issue as a safety alert, not a recall. “Abbott is engaging with customers and informing them of the updates per guidance from the TGA,” the company said.

Thousands of Australians are believed to have pacemakers that have been recalled in the US because they can be hacked, according to an ABC report.

The US Food and Drug Administration ( FDA) said on August 29 that it had approved a ‘firmware update’ designed to fix a cybersecurity vulnerability in some pacemakers made by Abbott, which was formerly known as St Jude Medical.

It’s feared the so-called RF-enabled implantable cardiac pacemakers, which were designed to allow doctors and hospitals to remotely monitor the implant’s performance, could be hacked, allowing people other than the patient’s doctor to deplete the pacemaker’s battery or change its pace. “Many medical devices – including St. Jude Medical’s implantable cardiac pacemakers – contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” the FDA said in a statement.

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”

There were no known instances of this actually occurring as yet, the FDA added.

The pacemaker impacted are called: Accent, Anthem, Accent MRI, Accent ST, Assurity and Allure. The recall doesn’t apply to implantable cardiac defibrillators (ICDs) or cardiac resynchronisation ICDs.

The FDA advised people with the affected pacemakers visit their doctor so the firmware in the device could be updated to circumvent the security risk. The administration made clear that it considered this advice to be a recall, although it did not advise people to have the pacemakers removed.

Instead, the update process would take about three minutes, it said. But it did warn that there was a very low risk that the update could cause the pacemaker to lose its programmed settings, lose diagnostic data, or completely stop functioning.

Pacemakers fitted after August 28 would have the update automatically pre-loaded, the FDA said.

About 465,000 people in the US have been implanted with the devices that are vulnerable to hacking, according to the FDA. 

The ABC reported that Abbott’s had about 20 percent of the Australian pacemaker market; about 11,375 pacemakers were implanted in Australia in total last year. 

Australia’s Therapeutic Goods Administration told the ABC that it was aware of the recall and was reviewing what action may be required in Australia.

Although the possibility of a medical device being hacked may seem remote, former US Vice President Dick Cheney revealed in 2013 that his doctors had disabled the wireless capabilities of his own pacemaker to thwart possible assassination attempts through hacking the device.

And a plot in the hit TV show Homeland showed terrorists hacking the medical device of a fictional US vice president.

Do you have a pacemaker? Does it have remote monitoring capabilities?