Ordinarily, when you hear of a recall on a product it usually has to do with eggs, ice cream, or some other miscellaneous food product. But a recent report shows there has been a recall in pacemaker products. Considering the critical need required of pacemakers this could lead to seem very serious if not fatal results.
The Hacker News reported,
“Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking. The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient’s heartbeat, potentially putting half a million patients lives at risk. A pacemaker is a small electrical battery-operated device that’s surgically implanted in the chest of patients to help control their heartbeats. The device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate.
Six types of pacemakers, all manufactured by health-tech firm Abbott (formerly of St. Jude Medical) are affected by the recall, which includes the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure. All the affected models are radio-frequency enabled cardiac devices—typically fitted to patients with irregular heartbeats and patients recovering from heart failure—and were manufactured before August 28th.
In May, researchers from security firm White Scope also analysed seven pacemaker products from four different vendors and discovered that pacemaker programmers could intercept the device using “commercially available” equipment that cost between $15 to $3,000.
“Many medical devices—including St. Jude Medical’s implantable cardiac pacemakers—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” the FDA said in a security advisory. “As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.” To protect against these critical vulnerabilities, the pacemakers must be given a firmware update. The good news is that those affected by the recall do not require to have their pacemakers removed and replaced.”
The article also reported the following,
“Instead, patients with these implanted, vulnerable device must visit their healthcare provider to receive a firmware update—something that would take just 3 minutes or so to complete—that can fix the vulnerabilities.
In the U.S., the pacemaker devices to which the firmware update applies include Accent SR RF, Accent MRI, Assurity, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, and Quadra Allure MP RF. Outside of the U.S., the pacemaker devices to which this update applies include Accent SR RF, Accent ST, Accent MRI, Accent ST MRI, Assurity, Assurity +, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, Quadra Allure MP RF, Quadra Allure, and Quadra Allure MP.
As a result of the firmware update, any external device trying to communicate with the pacemaker will require authorization. Moreover, the software update also introduces data encryption, operating system fixes, the ability to disable network connectivity features, according to Abbott’s press release published on Tuesday, August 29. Any pacemaker device manufactured beginning August 28, 2017, will have the firmware update pre-installed and will not need the update. The FDA recall of devices does not apply to implantable cardiac defibrillators (ICDs) and cardiac resynchronization ICDs.
Abbott is working with the FDA, the U.S. Department of Homeland Security (DHS), global regulators, and leading independent security experts, in efforts to “strengthen protections against unauthorized access to its devices.” Although there are no reports of compromised pacemakers yet, the threat is enough to potentially harm heart patients with an implanted pacemaker that could even put their lives at great risk.
A recall of this size is a very serious problem and had it not been caught there could have been even more serious consequences. Especially given the fact this is a mechanical device and not just food. There needs to be more oversight for this type of problem.
One of the larger issues at hand lies in the trust that people have in connectivity and the technological product. If people don’t trust this product and feel it could be hacked at any time they will stop using it. But this is a lifesaving and necessary product and if not used properly could lead to fatalities. This is not the type of crisis of confidence that people can have. Otherwise, the consequences could be devastating.
The FDA should enhance the research they already do to ensure this type of problem doesn’t happen again. Whether it is done through increased funding or in increased regulatory authority something clearly needs to change. Because this type of result is completely unacceptable.
Share if you believe something needs to be done to increase oversight to ensure this doesn’t happen again!
FOLLOW us on Facebook at Freedom Daily!