FDA recalls close to half-a-million pacemakers over hacking fears

Security concerns over connected health devices are once again in the spotlight.

PA Wire/PA Images

Turns out former Vice President (and erratic shooter) Dick Cheney was right all along: Your heart can be hacked. At least if you have a pacemaker, that is. On Tuesday, the FDA recalled 465,000 of the medical devices -- the ones that help control your heart beat -- citing security vulnerabilities. The pacemakers, which come from health company Abbott (formerly St. Jude Medical), require a firmware update. Fortunately, it can be installed by a health care provider in just three minutes. The models affected include the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.

Security concerns over smart devices have increased over the past few years. Even before Cheney revealed he'd been warned his defibrillator could be used to assassinate him, the topic was made famous on TV. In 2012, an episode of the hit show Homeland depicted a fictional Vice President's pacemaker getting hacked by terrorists. Some (understandably) laughed off its high drama, but it seems the series was inspired by real life.

Earlier that year, former hacker and security expert Barnaby Jack reverse engineered a pacemaker to release a series of 830 volt shocks. Thankfully, it wasn't in use at the time. Jack refused to release his video demonstration of the process, claiming he didn't want to out the device's manufacturer. Nonetheless, his findings were viewed as instrumental to a GAO report suggesting the FDA increase its security information for medical device manufacturers.

Sure enough, in 2013 the federal agency began warning companies against backdoors in their products' computer systems. Sine then, similar alerts have been raised by the likes of Europol, which claimed computer attacks on safety equipment could result in injuries and deaths.

On Tuesday, the FDA echoed those same concerns: "As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities."

Those in possession of an affected pacemaker can find out more about the firmware update via the St. Jude Medical website.