Cyber-security threat: 745,000 pacemakers could be hacked

A total of 745,000 pacemakers made by St Jude Medical are vulnerable to hacking and possibly remote control, the BBC reports, citing US manufacturer Abbott, which now owns St Jude Medical.

About 465,000 of the pacemakers are implanted in US patients and another 280,000 are used worldwide, the BBC said.

Abbott has yet to comment on whether any UK patients are at risk. Thousands of the devices are believed to be in Australia and the Therapeutic Goods Administration is trying "to determine what, if any, action is required", Australia's ABC News reports.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Health Canada says it reviewed the problem with Abbott and the risks of a cyberattack were being "adequately mitigated”, SC magazine reports.

Theoretically, the flaw could allow hackers to control the devices to pace too quickly or run down batteries, although Abbott said it wasn't aware of that ever happening and US Homeland Security told the BBC that an attacker would need "high skill" to exploit the vulnerabilities.

Abbott's "recall" won’t see the pacemakers removed. Instead, patients are advised to ask doctors about a firmware update which takes about three minute. The pacemakers can receive a revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes, the BBC says.

St Jude recalled some of its 400,000 implanted heart devices last October due to risk of premature battery depletion, which was linked to two deaths in Europe, Reuters says.

Wired magazine reported earlier this year that medical devices were "broadly vulnerable" to attack.

"In a December investigation of new generation implantable cardiac defibrillators, British and Belgian researchers found security flaws in the proprietary communication protocols of 10 ICDs currently on the market," the magazine said.