On August 29, 2017, the U.S. Food and Drug Administration (USDA) issued a recall on 465,000 Abbott’s (formerly St. Jude Medical’s) implantable cardiac pacemakers. This recall was issued due to a software update that could potentially allow an unauthorized party to quickly deplete the device’s battery or adjust heart rates. The FDA stated that with any software update, there is a “very low risk” of malfunction, however, the new firmware update requires patients to visit their doctors in-person instead of using Merlin.net at home. The update process takes roughly 3 minutes to complete. The FDA does not recommend having the devices removed the update. The vulnerability is low and there have been no reported attacks as of now.
The FDA recommends the following for patients and caregivers:
Source: U.S. Food & Drug Administration
To read the official recall and view a list of all devices addressed, visit Firmware Update to Address Cybersecurity Vulnerabilities Identified in Abbott’s (formerly St. Jude Medical’s) Implantable Cardiac Pacemakers: FDA Safety Communication
If you suspect or experience a problem with these devices, we encourage you to file a voluntary report through MedWatch, the FDA Safety Information and Adverse Event Reporting program