FDA Recalls 465,000 Pacemakers Over Cyber Security Threat

What is the Cyber Security Threat Risk to Heart Patients with Pacemakers?

Cyber security threats present a daily danger as we are all linked more each day through electronic devices, and now hackers are targeting life-saving medical devices for cyber attacks. The FDA is warning nearly half a million heart patients in the United States that their pacemakers are now vulnerable to hackers, and is issuing a recall to repair the security flaws in the affected pacemakers.

The affected pacemakers with the following brand names:

  • Accent SR RF™
  • Accent MRI™
  • Assurity™
  • Assurity MRI™
  • Accent DR RF™
  • Anthem RF™
  • Allure RF™
  • Allure Quadra RF™
  • Quadra Allure MP RF™

Pacemakers are small, implantable medical devices typically recommended for heart patients with slow or irregular heart rhythms, or those who are being treated for heart failure, to provide regular, consistent heartbeats. The pacemakers involved in the recall are all radio-controlled and originally manufactured by St. Jude Medical (no relation to St. Jude’s Hospital), now run by Abbott Industries.

Can Pacemakers be Hacked?

The FDA has confirmed these pacemakers are at risk for cyber attacks and recalled almost half a million for repair after cyber security firm MedSec found security flaws in the pacemakers’ software earlier this year. The security gaps make the pacemakers vulnerable to hackers who can alter programming to stop the pacemaker from working altogether or to alter the pacing of a patient’s heartbeat. The risk to the patient is an alteration of the patient’s heartbeat with the ultimate risk being death.

The FDA Safety Communication explained, “As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cyber security vulnerabilities.”

Firmware Update Approved by FDA to Fix Security Flaw

The FDA has approved a firmware update from the manufacturer that enhances security by requiring devices to be authorized before the pacemaker will communicate with them. The update became available August 29 and takes only 3 minutes but must be done in person by your healthcare provider.

What Should You Do if Your Pacemaker is Recalled?

If you have one of the affected pacemakers, the FDA doesn’t suggest an emergency room visit but recommends discussing the firmware update at your next regularly scheduled appointment with your healthcare provider to discuss the risks versus benefits of having the firmware update.

Patients can also visit www.sjm.com/cyberupdate for additional information, or contact Abbott’s hotline at 1-800-722-3774.

The good news so far is no patient harm has resulted from the cybersecurity vulnerabilities of the affected pacemakers.

Report Any Problems with Drugs or Medical Devices to the FDA

 Consumers play a vital role in drug and medical device safety by communicating any problems, flaws, adverse events, or side effects they experience to the FDA. Please report any problems, side effects or adverse events you may suffer to both your healthcare provider and to the FDA through its MedWatch FDA Safety Information and Adverse Event Reporting Program by filing a report online at https://www.accessdata.fda.gov/scripts/medwatch/index.cfm?action=reporting.home.