The world of defective products is experiencing profound change. The last week in August, the FDA issued a recall which specifically warned about some elements of 13 different model types of Abbott (formerly St. Jude Medical) Pacemaker systems. It applies to some implantable cardiac pacemakers, including cardiac resynchronization therapy pacemaker (CRT-P) devices, and the insulated wire "leads" that connect to the heart. It does NOT apply to implantable cardiac defibrillators (ICDs) or cardiac resynchronization ICDs (CRT-Ds). Because these devices are part of a heart rhythmic control and management “system,” they can be monitored and adjusted by a doctor who is connected remotely to the patient via computer. But hackers have exposed a vulnerability in the operating system (OS). This means someone can compromise these Abbot Pacemakers by sending them commands which could affect their operation, and even a patient’s life. The “fix” requires patients to make a trip to their medical provider so a software update can be installed. According to the FDA, around 465,000 pacemakers in the U.S. are affected by the recall, though the number outside the U.S. is not known. No units have been compromised so far. But the potential consequences of such a breach could be life-threatening. It seems odd to think about at first. But like “smart” cars, and “intelligent” appliances, pacemakers and other medical devices are becoming smarter, with the ability to connect to mobile devices and larger “mother ship” diagnostic and command systems. This connectivity exposes a vulnerability. Without the necessary credentials, or a hack which bypasses or breaks this, someone can connect to online smart systems, potentially leading to defective medical device effects and compromising patient safety. But there’s another wrinkle to this story that involves a merger between two of the largest healthcare device makers in the world: Abbott Healthcare and the Canadian St. Jude Medical (not to be confused with the renowned children’s research hospital in Memphis, Tennessee).
Abbott and St. Jude Pacemaker Hacking Recall | Terry Bryant