Another cybersecurity risk involving medical devices. These are, of course, very concerning.
Global healthcare and research firm Abbott is reportedly recalling 465,000 of their pacemakers after discovering a security vulnerability that could expose the medical device to malicious hackers. The recalled devices will have software updated to “reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities“, regulators confirm.
According to reports, hackers could “access a patient’s device using commercially available equipment” and “modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.”
The Abbott pacemaker recall
The recall is a pre-emptive action with no reports of patient harm or injury linked to the device’s cyber flaw. Six different models of the pacemakers are reportedly affected by the recall and are supplied under the brand names as follows:
- Accent
- Accent MRI
- Accent ST
- Allure
- Anthem
- Assurity
About the devices
Abbott’s pacemakers are lifesaving medical devices that can regulate a patient’s heartbeat. The device emits electrical pulses to help the heart pump regularly.
The matchbox-sized device contains a battery and a tiny computer circuit connected to wires that are attached to the heart. This computer circuit can be programmed to speed up the heart beat if it naturally beats too slowly. However, a security flaw found that the device’s electronic signals can be hacked into and remotely sped up, slowed down or even have the battery drained.
A serious problem identified
Pacemakers are incredibly common medical devices as millions of people suffer from heart disease or with heart conditions and rely on these devices to keep their heart beating. News that their pacemaker could be hacked is sure to cause distress to some, however users are being asked not to panic…
Not a new concern
Online federal technology newspaper FCW notes that cybersecurity experts and intelligence officials have raised concerns over healthcare devices being the new target in military attacks in the past. Former CIA Deputy Director Michael Morell admitted:
“…if I was still in the CIA, and I learned an ISIS leader had an internet-connected pacemaker I’d ask my guys how we could use that to get to him.”
Emmy award-winning TV show Homeland depicted the assassination of the Vice-President of the United States by hackers who manage to obtain the device’s unique identification number and remotely send excessive electrical shocks to incite a fatal heart attack. Elaborate, but entirely possible. It’s thought that a hacker would need to be highly skilled to carry out such an attack, but that isn’t the most reassuring of statements.
As Abbott and other healthcare providers develop lifesaving medical devices, they cannot afford to neglect current world affairs like the rise of cyberattacks. Anything that is connected to the internet must be rigorously tested and protected from unauthorised access and control. For healthcare, this includes medical devices that can be controlled remotely.