Recall is a Wakeup call: Abbott Announces Defib Cybersecurity Updates


Today, Abbott announced the latest in what it has described as a planned series of cybersecurity updates for the company’s implantable cardioverter defibrillators (ICDs). The voluntary recall reportedly applies to 382,000 devices in the U.S. alone, 350,000 of which are currently implanted in patients.

The FDA said in its simultaneous alert about the firmware update that it “ intended as a corrective action (recall), to reduce the risk of patient harm due to premature battery depletion and potential exploitation of cybersecurity vulnerabilities for certain Abbott ICDs and CRT-Ds.” The Department of Homeland Security also released an advisory and said the vulnerabilities, if successfully exploited, “..may allow a nearby attacker to gain unauthorized access to an ICD to issue commands, change settings, or otherwise interfere with the intended function of the ICD.” Abbott issued its first ICD update in August 2017, as did the FDA, and that voluntary recall reportedly covered 465,000 devices. HealthInfoSecurity said in its coverage of the original recall that it was the first of its kind for a network-connected implantable device due to cybersecurity vulnerabilities.

Warning bells should be ringing loudly right now. These kind of recalls will continue because the industry’s focus is primarily on enabling software patches for vulnerable medical devices. Beyond support for software updates (which can themselves become a threat surface from which medical devices can be compromised), the industry should look more holistically at the end-to-end security of the entire connected health solution. Thirdwayv is doing this across the solution’s complete lifecycle, from the factory to device delivery and use. It’s the only way to combat all of the threats facing today’s connected medical devices.

Until now, medical device recalls have been voluntary, no breaches have occurred, and no patients have been harmed. The industry needs to deliver the kind of comprehensive IoT healthcare security that makes sure this continues to be the case.

Related Posts

Popularity of Remote Patient Monitoring Skyrockets — Is it Secure?

A recent report from commercial intelligence platform provider Definitive Healthcare revealed that remote patient monitoring insurance reimbursement claims rose 1,294% from January 2019 to November 2022. It’s likely that a desire to minimize contact during the pandemic drove much of this demand.  But remote patient monitoring claims continued to grow even after people resumed face-to-face…

Countdown to Safer Medical Devices

A six-month clock started ticking late last year, counting down to the FDA’s new deadline for updating its public-facing guidance for improving the cybersecurity of medical devices. This requirement became law on Dec. 29, 2022, as part of a $1.7 trillion Omnibus Appropriations Bill that also includes new rules for submitting applicable medical devices to…

Getting Real about Real-Time Location Systems

Real-Time Location Systems, or RTLS, emerged in the 1990s for use by government and military entities. The technology has been adopted in manufacturing, logistics and aerospace applications for years. Now it is coming into its own in a growing variety of other applications, from healthcare consignment inventory management to retail item tracking. It’s time to…