Implantable Cardiac Pacemakers by Abbott (formerly St. Jude Medical): Safety Communication

Modesto Morganelli
Agosto 30, 2017

It is the second such update since Abbott acquired St. Jude earlier this year.

Abbott Laboratories, which acquired Minnesota-based St. Jude Medical in January, released a software update on Tuesday meant to improve the cybersecurity protections for 465,000 implanted pacemakers in the United States. The recall applied to devices implanted in the US, Canada, and Australia.

The company also identified a separate problem with lithium batteries in its heart devices a year ago. "Abbott is resolving all old St. Jude Medical issues".

The FDA cited Abbott with a warning letter in April over deficiencies in how the St. Jude plant in Sylmar, Calif., has handled the battery-depletion issue and the cybersecurity issue.

At the same time, Abbott said it is releasing another update, known as the Battery Performance Alert, for its implantable cardioverter defibrillators (ICDs), so as to alert physicians for a possible risk of premature battery depletion. The company said there have been no reports of unauthorized access to any patient's implanted device and that compromising the security of the devices would require a complex set of circumstances. No malicious attack has been documented, but officials with the Food and Drug Administration and Homeland Security Department have confirmed that the St. Jude devices contained vulnerabilities that could allow patient harm.

The US Food and Drug Administration (FDA) has approved new firmware from Abbott Laboratories created to fix vulnerabilities in its St Jude cardiac pacemakers which could allow hackers to deplete the device battery. It can't be installed via St. Jude's Merlin@home application.

The FDA said the benefits of continuing treatment outweighed cyber risks, and DHS said only an attacker "with high skill" could exploit the vulnerability.

A report from investment firm Muddy Waters Capital and security researcher MedSec found St. Jude's pacemakers and other heart devices are vulnerable to hacking and other cybersecurity threats. St. Jude promptly sued Muddy Waters in Minnesota court for defamation. The short-selling firm said it believed that disclosure of the vulnerabilities could cause the $25 billion deal to fall apart, but Abbot completed the deal in January.

Altre relazioniGrafFiotech

Discuti questo articolo

Segui i nostri GIORNALE