Perth pacemaker shock: medical giant concerned about hackable devices

Stock image.
Stock image.

HUNDREDS of people in Perth fitted with cardiac pacemakers may have to get their device’s software updated after it was proven they were susceptible to being hacked.

Medical device giant St Jude Medical, which now trades under the name Abbott Laboratories, will soon begin installing software updates on pacemakers which are vulnerable to being hacked.

The US Federal Drug Administration (FDA) issued a voluntary recall for the devices on Tuesday, with more than 465,000 people in that country affected.

The models affected are the Accent, Anthem, Accent MRI, Accent ST, Assurity and Allure. (To read the FDA recall notice click here.)

It is understood the security flaw could allow someone to access the device, use it to change the settings or switch it off completely.

This means a hacker could administer electrical shocks and change a person’s heart rate.

The situation is reminiscent of a plot line in the TV series Homeland, in which a terrorist hacked the pacemaker of the fictional vice-president.

No incidents of real-life hacking have been documented.

Abbott Laboratories in Australia has been contacted to ascertain precisely how many people in Perth are fitted with the vulnerable pacemakers.

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates,” the FDA wrote.

“The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St Jude Medical’s RF-enabled implantable cardiac pacemakers and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user to access a patient’s device using commercially available equipment.

“This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.”

In a statement Abbott said having connected devices has a positive impact on patient health, and said they had developed a new firmware with additional security measures to address the problem.

“There have been no reports of unauthorized access to any patient’s implanted device, and according to an advisory issued by the U.S. Department of Homeland Security, compromising the security of these devices would require a highly complex set of circumstances,” Abbott’s executive vice president of medical devices Robert Ford said.

“Abbott is communicating with regulatory authorities worldwide to implement the new updates to the implantable devices.

“Abbott’s recommendation, and that of its Cyber Security Medical Advisory Board, is that a patient have a conversation with their physician to determine if the update is right for them.

“All industries need to be constantly vigilant against unauthorized access.

“This isn’t a static process, which is why we’re working with others in the healthcare sector to ensure we’re proactively addressing common topics to further advance the security of devices and systems.”

MORE: Two men charged over Balga murder 

MORE: Police hunt for Langford ram raiders