FDA Recalls Nearly 500K Pacemakers Found To Be Vulnerable To Cyber Hacking
"Many medical devices - including St. Jude Medical's implantable cardiac pacemakers—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits. As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates," the FDA warns.
So far there are no known cases of any pacemakers being hacked, though it is not inconceivable that someone would do such a thing. We are reminded of an incident back in 2008 when some jerks on the Internet descended on an epilepsy support forum and posted flashing pictures and links to pages overwhelmed with pulsating images, in an attempt to induce seizures.
This represents the double-edged sword of technology, and wireless connectivity in particular. Pacemakers are devices that are installed in the upper chest area with insulated wires that go directly into the heart. This allows for the correction of irregular heartbeats that could otherwise be life threatening. Doctors use radio frequencies signals to adjust the pacemakers, but RF-enabled pacemakers do not require authentication. That leaves them vulnerable to remote hacking.
The updated firmware addresses this issue by requiring authorization when a device tries to communicate with an implanted pacemaker. In order to have the firmware updated, patients must make an in-person visit to their healthcare provider.