FDA recalls 465,000 pacemakers open to cyber attack

The United States Federal Drug Administration (FDA) is recalling 465,000 pacemakers that could be hacked by attackers.

The Food and Drug Administration (FDA) is recalling roughly half a million pacemakers because they are vulnerable to hacking, million people in the United States urge to get their pacemakers updated.

In May, researchers from security firm White Scope analyzed seven pacemaker models commercialized by four different manufacturers and discovered that medical devices could be hacked with  “commercially available” equipment that goes between $15 to $3,000.

The FDA has recalled 465,000 pacemakers after discovering security vulnerabilities that could be exploited by hackers to reprogram the medical devices to run the batteries down or in a terrifying hacking scenario to modify the patient’s heartbeat.

 

The good news is that there are no reports of hacked pacemakers yet.

 

The affected devices belong to six types of pacemakers manufactured by firm Abbott, they include the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.

In the U.S., an updated version of the firmware is available for Accent SR RF, Accent MRI, Assurity, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, and Quadra Allure MP RF.

Pacemakers installed abroad includes Accent SR RF, Accent ST, Accent MRI, Accent ST MRI, Assurity, Assurity +, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, Quadra Allure MP RF, Quadra Allure, and Quadra Allure MP.

The companies developed a firmware update that force authentication the to connect the devices.

The devices were manufactured before August 28th.

“Many medical devices—including St. Jude Medical’s implantable cardiac pacemakers—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” reads the FDA security advisory.

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”

Fortunately, the firmware running on the affected pacemakers could be updated without removing them from the patients.

Patients should go to their healthcare provider to receive a firmware update, an operation that is very simple that would take just 3 minutes.

The update also includes further operating system fixes, encryption, operating system fixes, and also the ability to disable network connectivity features.

“The new pacemaker firmware update is part of Abbott’s planned enhancements that began with updates announced in January 2017 to the Merlin@home™ v8.2.2 software. The new updates provide an additional layer of security against unauthorized access to these devices.” reads the Abbott’s press release.

“The update contains a software release that includes data encryption, operating system patches, and the ability to disable network connectively features, in addition to the firmware update.”

“Every pacemaker manufactured beginning Aug. 28, 2017, will have this update pre-loaded in the device and those devices will not need to be updated.”

[adrotate banner=”9″]

Pierluigi Paganini

 

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X