Security Architecture, Endpoint/Device Security, IoT, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Abbott Laboratories securing vulnerable pacemakers with firmware and software updates

Healthcare product manufacturer Abbott Laboratories is working with regulatory authorities to update the firmware and software in its implantable pacemakers, in an effort to shore up a security vulnerability that could lead to unauthorized access.

The announcement was made on the same day that the FDA issued a security advisory indicating that it approved Abbott's firmware update on Aug. 23, and that patients should consider this an official product recall "to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities..." According to the FDA, 465,000 pacemakers in the U.S. are impacted. Meanwhile, the BBC reported that 745,000 implanted devices are impacted worldwide.

Patients will have to visit a health care provider in person to receive the update, as it cannot be executed remotely.

As a result of the firmware update, any external device attempting to communicate with the pacemaker will now require authorization. Additionally, the corresponding software update will introduce data encryption, operating system patches, the ability to disable network connectivity features, Abbott announced in a press release on Tuesday, Aug. 29.

The pacemakers were originally developed by St. Jude Medical, which was officially acquired by Abbott in January of 2017. Almost immediately following the purchase,the  Lake Bluff, Ill.-based company took steps to improve the security of its inherited products by updating the software for the Merlin@home transmitter, a home monitor solution that sends data via a wireless RF signal from patient devices to a cloud server.

"All industries need to be constantly vigilant against unauthorized access," said Robert Ford, executive vice president, medical devices at Abbott, in the press release. "This isn't a static process, which is why we're working with others in the health care sector to ensure we're proactively addressing common topics to further advance the security of devices and systems."

Affected pacemakers include various models listed under its Accent, Allure, Anthem, and Assurity product lines. The company also just updated its implantable cardioverter defibrillators to include a Battery Performance Alert mechanism that defends against premature battery depletion.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.