Factors Influencing the Decision to Proceed to Firmware Upgrades to Implanted Pacemakers for Cybersecurity Risk Mitigation
In August 2017, the first major recall for cybersecurity vulnerabilities in pacemakers capable of remote connectivity was released, impacting 465,000 United States patients.1,2 The FDA approved a firmware update designed by the manufacturer of the devices (Abbott, formerly St. Jude Medical) as a remediation. The recall was in response to the public disclosure by an investment firm of a vulnerability, produced in a lab environment, that could allow an unauthorized party in close proximity to a patient to impact the performance of the device or modify device settings via radio frequency communication.3 While an exploit has not occurred in a patient and requires a high degree of resources and skill to execute, if accomplished, it could pose a significant risk to device safety and essential performance and cause patient harm. The FDA defines this as an uncontrolled vulnerability.2 The recall recommendations were coordinated among the FDA; the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of Homeland Security that responds to and coordinates disclosure of critical infrastructure cybersecurity vulnerabilities; and Abbott.1 All parties urged caution and shared decision making between patient and clinician as to whether to have the device firmware updated, a process that requires a clinic visit and is performed with a device programmer. The manufacturer bench tested the firmware update, but the only prior experience with an implanted device firmware update was a 2012 ICD firmware update that demonstrated a 0.197% risk of device back-up mode pacing after the upgrade was performed.
- Received March 8, 2018.
- Accepted May 4, 2018.