Is it a recall? Is it a software update? Well, it's actually both. Abbott, the medical device company that produces implantable cardiac pacemakers under the St. Jude’s Medical brand, has issued a "corrective action," per the Food and Drug Administration, to mitigate what it calls the "risk of patient harm due to potential exploitation of cybersecurity vulnerabilities." That's right, it's asking 465,000 people with certain devices to visit their doctors and get a firmware update so that their implants are not so easy to hack into. They say patients should schedule a visit with their doctor, and that the process will take three minutes start to finish, during which time all essential features will run in backup mode, reports Consumerist. It's unclear how many people in other countries are affected.
Over the past decade, there's been an increase in reports of serious vulnerabilities in pacemakers, insulin pumps, and other medical devices, reports Ars Technica. That's because they're now outfitted with tiny radio-frequency equipment for remote maintenance that no longer requires new and costly surgeries when the devices need updating. Back in May, Engadget reported that security company WhiteScope found 8,000 bugs hackers could exploit in pacemaker programs alone. While attackers must be within 50 feet of the device to hack into it, and no one has yet to die from a cyber attack, some argue that the mere threat of an attack is reason enough to make these devices as sophisticated and protected as possible. (One pacemaker was used in an arson investigation.)