FDA Approves Firmware Fix for St Jude Pacemakers

Adjust Comment Print

Recommendations include an in-person visit with the patient in question's health care provider, as the update can not be done online.

The St. Jude Medical pacemaker flaws that an investor relied on to short the company's stock has a new patch to address the issue. Based on the failure rate of previous firmware updates, Abbott thinks there is a less than 0.03% chance of the device losing its settings or functionality.

The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical's RF-enabled implantable cardiac pacemakers and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user (i.e. someone other than the patient's physician) to access a patient's device using commercially available equipment.

The FDA also recommends pacing-dependent patients install the update where a backup pacemaker generator is nearby.

The Food and Drug Administration on Tuesday issued an alert about the first recall of a network-connected implantable device due to cybersecurity vulnerabilities.

Pharmaceutical company Abbott Laboratories (ABT) has made updates to its implantable pacemakers and defibrillators in conjunction with its ongoing efforts to boost patient safety, and prevent the devices from external hackers. The Merlin Programmer and Merlin@home Transmitter will provide the authorization.

Salmonella Cases in Connecticut Linked to Pet Turtles
The result linked salmonella infections in United States citizens with a bacteria carried by those tiny turtles. These outbreaks are a reminder to follow simple steps to enjoy pet reptiles and keep your family healthy.


In Tuesday's announcement, William Maisel, acting director of the Office of Device Evaluation and chief scientist in the FDA's Center for Devices and Radiological Health highlighted broader industry concerns about evolving networked medical devices that require manufacturers to "to be vigilant in the face of change threats". This home monitor wirelessly reads and shares data stored on implanted cardiac devices.

There haven't been any reports of the vulnerability being exploited in the wild, according to the FDA.

The result of which would drain battery power or the administration of inappropriate pacing.

Abbott acquired Minnesota-based St. Jude in January for $25 billion, despite the battery and cybersecurity issues, in hopes of making cardiovascular and chronic pain management key parts of Abbott's business.

"Your firm did not confirm all required corrective and preventive actions were completed, including a full root cause investigation and the identification of actions to correct and prevent recurrence of potential cybersecurity vulnerabilities, as required by your CAPA procedures", the FDA wrote in its warning letter.

Comments