Skip to content

FDA Announces Fix for Pacemaker Security Flaws

More than 450k implanted devices could be hacked

pacemaker hack


The FDA announced that nearly half a million pacemakers are vulnerable to hacking, but a software update administered at a doctor's office can resolve the issue.

Almost half a million Americans with implantable pacemakers are at risk of having the devices hacked and should visit their health care providers for an urgent firmware update, the Food and Drug Administration recently announced.

Late last week, the FDA released a statement notifying patients about the available update. This follows the announcement earlier this year that 465,000 pacemakers manufactured by Abbott Laboratories contain security flaws that could allow hackers to access the implanted devices, which help control abnormal heart rhythms in patients. Abbott was formerly known as St. Jude Medical.

"This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing," according to the FDA statement.

In other words, until the patient’s device receives the update, a hacker conceivably could take control of the pacemaker or shut it off entirely. The FDA pointed out that despite the vulnerability, there have been no known incidents of anyone exploiting the flaw.

The availability of the software update is good news for those affected, as it means they won’t have to have new devices implanted. Abbott, which issued a voluntary recall of the affected devices, says the update would take only about three minutes in a doctor’s office, and that the device would run on backup as the installation takes place.

The announcement about the hackable pacemakers sounds like a plot point out of a sci-fi or murder mystery film — in fact, such an occurrence was written into the second season of Showtime’s terrorism drama Homeland as an assassination method. But experts say it’s now reality, and the pacemaker situation is a stark warning about the consequences of connected medical devices.

Josh Corman, director of the Cyber Statecraft Initiative at the Atlantic Council, said he hopes this serves as a wake-up call to the medical industry as it implements new technology. He called it a key moment in the evolution of connected medical devices.

"I'm hoping that what device makers and physicians get out of this is we shouldn't just assume that connecting medical technology makes this better," Corman told CNN.