mobile-bannertablet-bannerdesktop-banner

465,000 Pacemakers Recalled on Hacking Fears

Aug 31, 2017

The Food and Drug Administration is alerting people to a voluntary recall of 465,000 pacemakers after security vulnerabilities were discovered that could let hackers reprogram the devices, potentially putting patient lives at risk.

Several devices from Abbott (formerly known as St. Jude Medical) are included in the recall, which the FDA says is intended as a "corrective action", including the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.

The good news: If you're affected by the recall, you won't have to have the pacemaker removed and replaced. (In fact, the FDA recommends against that.) Officials say the vulnerability can be fixed with an upgrade to the device's firmware, something that takes just three minutes or so to complete. (While the system is updating, the device will work in backup mode, ensuring its essential features remain in operation.)

The FDA says there have been no known reports of patients being harmed by the vulnerability to date. The recall does not apply to any implantable cardiac defibrillators (ICDs) or cardiac resynchronization ICDs.

White hat hackers have previously pointed out the risks with connected medical devices. In its announcement, the FDA noted that this vulnerability could allow third parties to rapidly drain the pacemaker's battery or adjust the operation of the device.

"The FDA reminds patients, patient caregivers, and health care providers that any medical device connected to a communications network (e.g. wi-fi, public or home Internet) may have cybersecurity vulnerabilities that could be exploited by unauthorized users," the organization said. "However, the increased use of wireless technology and software in medical devices can also often offer safer, more efficient, convenient, and timely health care delivery."

Abbott, in a statement, said it is focused on ensuring any vulnerabilities are swiftly addressed.

“As we’ve said before, Abbott is resolving all old St. Jude Medical issues," the company said. "These planned updates further strengthen the security and device management tools for our connected cardiac rhythm management devices. The cybersecurity landscape is always changing, which is why we’re working across the healthcare sector to proactively address issues that affect all connected technologies.”

Editor's note: This post has been updated to indicate that the recall is voluntary.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions