In the United States, a firmware patch for cardiac devices was approved by the Food and Drug Administration (FDA) after the devices were discovered to be unprotected from cyber attacks and at risk of abrupt battery loss.
Authorities said that approximately 350,000 patients are affected by these vulnerabilities and advised that they update their devices’ firmware at their local hospitals or clinics as soon as they can.
Among those affected were Abbott’s radio frequency-enabled implantable cardioverter defibrillators (RF-ICDs) and cardiac resynchronisation therapy defibrillators (CRT-Ds).
This latest firmware update is a continuing effort as Abbott underwent a similar issue concerning their devices last August.
The updates released that time are currently FDA-approved and are ready for their corresponding devices.
Two types of Abbott’s defibrillators were discovered to have security flaws
This isn’t the first time the company’s been in hot water, as two years ago they were embroiled in a defamation suit with a security firm. The cardiac device company was supposedly said to have bugs in their equipment.
Several months after the suit, and after more investigations from the FDA, the Department of Homeland Security, and another security consultancy, the previous findings were validated.
As a result, Abbott stopped their pending litigations and instead released security patches for the vulnerabilities in question.
Security researchers discovered Abbott had weak authentication for their devices, meaning any system that knows the protocol could potentially send out commands to the cardiac devices.
The good news is there have been no instances of patients being victimised by cybercriminals through this method.
The FDA also reported that patients haven’t had any other negative effects to the firmware update from August 2017, and the devices either restored to the prior firmware version or the updated one after some help from technical services.
As we rely more heavily on our Internet-connected devices, we shouldn’t overlook their security since cybercriminals are always on the lookout for ways to spread terror in cyberspace.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.