Abbott Releases Firmware Upgrade to Fix Vulnerabilities
Abbott, the leading manufacturer of medical devices, releases a firmware upgrade that would fix cyber security vulnerabilities in certain cardiac devices.
Health Data Management reports- “Medical device manufacturer Abbott has released a firmware upgrade to fix cybersecurity vulnerabilities in certain radio frequency-enabled implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators.”
The FDA ( Food and Drug Administration) has approved the upgrade to Abbott’s implantable ICDs and CRT-Ds. Both of these were originally manufactured by St. Jude Medical and later bought by Abbott, in 2017. As per the FDA recommendations, all eligible patients should receive the firmware update. For this, the patient would need to visit a healthcare provider in person and get it done.
The FDA, upon reviewing information relating to the potential cyber security vulnerabilities in the implantable cardiac pacemakers manufactured by St. Jude Medical, found that these vulnerabilities could help any unauthorized person to access a patient’s device using commercially available equipment.
Health Data Management quotes William Maisel, acting director of the Office of Device Evaluation and chief scientist in the FDA’s Center for Devices and Radiological Health- “Cybersecurity risks in networked medical devices are constantly evolving, which means medical device manufacturers and hospitals must be vigilant in the face of changing threats in order to protect patient safety…Because all networked medical devices are potentially vulnerable to cybersecurity threats, the FDA has been working diligently with device manufacturers and other stakeholders to ensure the benefits of medical devices to patients continue to outweigh any potential cybersecurity risks.”
Abbott has reportedly clarified that there have been no events of unauthorized access to any patient’s implanted device. The company has also clarified that no new vulnerabilities have been identified. The cyber security update, as per the company, has been done to provide an extra layer of security against any kind of unauthorized access targeting these devices. Thus, no one other than a patient’s authorized physician would be able to change device settings.
The Abbott firmware upgrade also includes an enhanced device-based battery performance alert, which would enable patients and physicians to manage battery performance in a better way.
Abbott had in 2017 announced a series of planned firmware releases for pacemakers, programmers, and remote monitoring systems. The current updates are part of that series and are now available for ICDs and CRT-Ds.
The families of ICD and CRT-D devices that are covered under this current firmware update includeFortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura, Unify Quadra, Promote Quadra and Ellipse. Similarly, the battery performance alert update that has been done is for the following high voltage devices which have been manufactured between January 2010 and 2015- Fortify, Fortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura and Unify Quadra.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.