Pacemaker patch passes probe by US watchdog
The Doctor will see you now to re-program your St Jude implant
It's probably the most crucial patch of the year: Abbott Laboratories' reworked firmware for its St Jude pacemakers has won the US Food and Drug Administration approval to ship.
According to the regulator's statement, the upgrade should go smoothly, nearly all the time.
Its statement says “installing the updated firmware could potentially result in the following malfunctions (including the rate of occurrence previously observed).” Here are the risks to which users will be exposed:
- Reloading of previous firmware version due to incomplete update (0.161 percent),
- Loss of currently programmed device settings (0.023 percent),
- Loss of diagnostic data (none reported), and
- Complete loss of device functionality (0.003 percent).
Problems with various pacemakers and the Merlin@Home control system, made by St Jude (which Abbott later acquired), first emerged when MedSec Holdings uncovered the bugs, shorted St Jude's shares, and then went public with its findings.
The Merlin@Home patch landed in January.
The pacemaker firmware flaws covered by the patch “could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.”
In approving the firmware, the FDA notes the upgrade means patients won't need new devices replacement. Instead they will have to attend their specialist, but the patch is applied using the RF wand that programs the pacemaker.
Abbott's letter (PDF) issued in conjunction with the FDA says the patch also includes data encryption, and disables network connectivity features. ®
Sponsored: Becoming a Pragmatic Security Leader