Recall is a Wakeup call: Abbott Announces Defib Cybersecurity Updates

 

Today, Abbott announced the latest in what it has described as a planned series of cybersecurity updates for the company’s implantable cardioverter defibrillators (ICDs). The voluntary recall reportedly applies to 382,000 devices in the U.S. alone, 350,000 of which are currently implanted in patients.

The FDA said in its simultaneous alert about the firmware update that it “... is intended as a corrective action (recall), to reduce the risk of patient harm due to premature battery depletion and potential exploitation of cybersecurity vulnerabilities for certain Abbott ICDs and CRT-Ds.” The Department of Homeland Security also released an advisory and said the vulnerabilities, if successfully exploited, “... may allow a nearby attacker to gain unauthorized access to an ICD to issue commands, change settings, or otherwise interfere with the intended function of the ICD.” Abbott issued its first ICD update in August 2017, as did the FDA, and that voluntary recall reportedly covered 465,000 devices. HealthInfoSecurity said in its coverage of the original recall that it was the first of its kind for a network-connected implantable device due to cybersecurity vulnerabilities.

Warning bells should be ringing loudly right now. These kinds of recalls will continue because the industry’s focus is primarily on enabling software patches for vulnerable medical devices. Beyond support for software updates (which can themselves become a threat surface from which medical devices can be compromised), the industry should look more holistically at the end-to-end security of the entire connected health solution. Thirdwayv is doing this across the solution’s complete lifecycle, from the factory to device delivery and use. It’s the only way to combat all of the threats facing today’s connected medical devices.

Until now, medical device recalls have been voluntary, no breaches have occurred, and no patients have been harmed. The industry needs to deliver the kind of comprehensive IoT healthcare security that makes sure this continues to be the case.
