The U.S. Food and Drug Administration (FDA) is warning that over 465,000 patients who had St. Jude pacemakers implanted may be vulnerable to a software glitch that could permit hackers to remotely disable their batteries or make the devices to run at deadly speeds. According to the FDA recall Notice issued on August 29, hackers could use inexpensive, readily available equipment to remotely change the programming on affected pacemakers, reports the Daily Hornet.
The recalled devices were made before August 28 by St. Jude Medical, which was acquired by Abbott in January. The medical device company will now require all external equipment to provide authorization before it can communicate with the pacemaker. Patients who were implanted with the recalled pacemaker will not need to have them surgically removed and replaced, however, the devices have to be given a firmware upgrade to protect them against crucial vulnerabilities. Pacemakers manufactured beginning August 28, 2017 will have this update pre-loaded in the device and will not require the update.
Device Upgrade Information
The upgrade is an easy, three-minute process that must be performed by a healthcare provider. In that time, the device will run in backup mode (67 beats per minute). The FDA warned that there is a slight risk that during the upgrade, diagnostic data or settings could be lost. A worse possibility is that the pacemaker could become “bricked” (inoperable and totally useless), so it is imperative patients consult their doctors concerning the risks and benefits of updating their pacemakers before the upgrade is requested, according to the Daily Hornet.
Product liability attorneys at Parker Waichman LLP are actively reviewing potential lawsuits regarding defective medical devices, including St. Jude pacemakers. Associates at the firm are available to answer any questions for individuals seeking information about filing a lawsuit.
How a Pacemaker Works
Implantable cardiac pacemakers, including cardiac resynchronization therapy pacemaker (CRT-P) devices, provide pacing for slow or irregular heart rhythms. These devices are implanted under the skin in the upper chest and have connected insulated wires (called leads) that go into the heart. If a patient’s heartbeat is too slow (bradycardia) or needs resynchronization to treat heart failure, an implantable cardiac pacemaker may be needed.
Premature battery depletion is caused by a buildup of lithium between the anode and the cathode, the two main components of the battery. If this occurs, it can cause the battery to deplete rapidly. A design change in May 2015 added an internal barrier to the insulation inside the battery to reduce the risk of lithium causing a short circuit.
If a battery unexpectedly runs out before the patient is aware of a rapid battery drain and able to have it replaced, the pacemaker will be unable to deliver life-saving pacing or shocks, which could lead to patient death.
The devices included in the FDA communication are the following St. Jude Medical pacemaker and CRT-P devices: Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.
FDA’s Warning about Hacking
The FDA warned that pacemakers that are affected are radio-frequency (RF) enabled according to wireless broadband (EEE 802.11) standards, and that anything that connects to the internet or Wi-Fi can be hacked.
The FDA’s Safety Communication said, “Many medical devices, including St. Jude Medical’s implantable cardiac pacemakers, contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits. As medical devices become increasingly interconnected via the internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”
Danger of Unauthorized Access
The agency has reviewed information concerning potential cybersecurity vulnerabilities linked to St. Jude Medical’s RF-enabled implantable cardiac pacemakers and has confirmed that these vulnerabilities, if exploited, could permit an unauthorized user, such as someone other than the patient’s doctor, to access a patient’s device. This access, when used by an unauthorized individual, could be used to modify programming commands to the implanted pacemaker, and may result in patient harm.
The FDA also noted that there are benefits with connectivity, including safer and more convenient healthcare, which leaves pacemaker recipients with a difficult decision.
Individuals who already have a pacemaker can determine if the device is affected by the recall by checking a certain card that should have been received after the initial surgery.
Legal Information for St. Jude Pacemaker Recipients
If you or someone you know has sustained injury associated with a pacemaker you may be eligible for valuable compensation. Parker Waichman personal injury law firm offers free, no-obligation case evaluations. We urge you to contact us at 1-800-YOURLAWYER (1-800-968-7529).