St. Jude promptly sued Muddy Waters in Minnesota court for defamation.
The US Food and Drug Administration said it had approved the new firmware update after reviewing and confirming claims that hackers could exploit vulnerabilities in St. Jude’s radio frequency-enabled heart implants to reprogram them to pace at unsafe rates or drain their batteries. Patients must go to their physician’s office to have the new software installed and validated.
The US Food and Drug Administration (FDA) has approved new firmware from Abbott Laboratories created to fix vulnerabilities in its St Jude cardiac pacemakers which could allow hackers to deplete the device battery.
No actual remote attacks on these devices are known to have occurred.
On Jan. 9, Abbott announced its first software patch following the Muddy Waters disclosure.
The U.S. government launched a probe previous year of claims the devices were vulnerable to potentially life-threatening hacks that could cause implanted devices to pace at potentially unsafe rates or cause them to fail by draining their batteries.
Now the FDA has approved another fix for St Jude RF-enabled implantable cardiac pacemakers, which number 465,000 in the US.
The new update will provide doctors with an earlier warning when the batteries in Abbott’s implantable cardioverter defibrillators are at risk of early depletion.
For pacing dependent patients, consider performing the cybersecurity firmware update in a facility where temporary pacing and pacemaker generator can be readily provided.
The move followed what the company did in October 2016, when it notified physicians and patients that a subset of ICD and cardiac resynchronization therapy defibrillator (CRT-D) devices manufactured between January 2010 and May 2015 could potentially experience premature battery depletion due to short circuits from lithium clusters.
“Abbott is resolving all old St. Jude Medical issues“, Abbott spokeswoman Candace Steele Flippin said.
St. Jude announced late past year that thousands of its Fortify, Fortify Assura, Quadra Assura, Unify Assura and Unify Quadra defibrillators and CRT defibrillators are vulnerable to a rare but serious problem in which the lithium battery may short-circuit and go dead with little or no warning.