Advertisement

745,000 hackable pacemakers need software updates

A doctor is seen examining the X-ray images of a patient's pacemaker in the radiography department at the Casa di Cura San Feliciano hospital, in this arranged photograph in Rome, Italy, on Monday, July 23, 2012.
A doctor is seen examining the X-ray images of a patient's pacemaker in the radiography department at the Casa di Cura San Feliciano hospital, in this arranged photograph in Rome, Italy, on Monday, July 23, 2012. Alessia Pierdomenico/Bloomberg via Getty Images

A staggering 745,000 pacemakers could be hacked – if they don’t get a firmware update.

The manufacturer, Abbott, has issued a firmware update that has “additional security measures” for the pacemakers.

The pacemakers were made by St. Jude, which was acquired by Abbott in 2017.

The security measures include data encryption and the “ability to disable network connectively features,” the company said.

READ MORE: London Health Sciences Centre 1st in Ontario to implement leadless pacemaker

Around 465,000 of the affected pacemakers are in the United States, an alert from the FDA warned.  Another 280,000 are around the world. It’s unknown how many are in Canada.

Health Canada has been monitoring the issue, but says the device meets the “stringent” requirements for safety and effectiveness.

Story continues below advertisement

“Health Canada has been working with the manufacturer when it was made aware of the issue in January 2017 to adequately and appropriately mitigate the risks associated with the identified cybersecurity vulnerabilities,” spokesperson Adriana Willson said in an email.

Tweet This

“After reviewing the matter with the company, Health Canada has determined that the risks of cyberattack are being adequately mitigated.”

The Department of Homeland Security told the BBC that only a “high skill” hacker would be able to exploit the cyber vulnerabilities.

The company stressed that there was no reports of unauthorized access to patients’ devices, but that the firmware update is part of the company’s commitment to keep their products safe and secure, officials said in a release.

READ MORE: Health Canada recalls St. Jude defibrillators over faulty battery after 2 deaths (Oct. 2016)

“All industries need to be constantly vigilant against unauthorized access,” Robert Ford, executive vice president of Medical Devices, said.

There are small risks to updating the device (a less than one per cent chance of complications) so both the FDA and the company recommend talking to your physician at your next scheduled appointment.