Firmware Update to Address Cybersecurity Vulnerabilities in Implantable Cardiac Pacemakers

"FDA approved a firmware update" is a headline from a particularly dystopian future.

The firmware update requires an in-person patient visit with a health care provider -- it cannot be done from home via The update process will take approximately 3 minutes to complete.

During this time, the device will operate in backup mode (pacing at 67 beats per minute), and essential, life-sustaining features will remain available. At the completion of the update, the device will return to its pre-update settings.

As with any firmware update, there is a very low risk of an update malfunction. Based on St. Jude Medical's previous firmware update experience, installing the updated firmware could potentially result in the following malfunctions (including the rate of occurrence previously observed):

  • reloading of previous firmware version due to incomplete update (0.161 percent),
  • loss of currently programmed device settings (0.023 percent),
  • loss of diagnostic data (none reported), or
  • complete loss of device functionality (0.003 percent).

For pacing dependent patients, consider performing the cybersecurity firmware update in a facility where temporary pacing and pacemaker generator can be readily provided.

Also, today I learned that it's possible to boot pacemakers in Safe Mode.

Half a million vulnerable devices, out there in bodies, waiting for the Barron to pop their heart-plug.

Previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , ,

4 Responses:

  1. margaret says:

    my SO works in just such a facility and they have a line of patients wanting their upgrade. one of the doctors is busy scolding the old people: "you must be senile because ain't nobody going to hack you." charming.

    • jwz says:

      I'll bet you can guess that doctor's password in less than ten tries. Have at it!

      • margaret says:

        I'm not sure there are any passwords. I'll have to ask.

        But, the pacemaker security problem is interesting. How can manufacturers make sure that "whitehat medical people" can control the device while keeping "blackhat medical peeps" out? Particularly if the patient is out cold.

        Also, in the lab, all damned day long they are sending in electrical signals through the heart to completely fuck with them. The equipment has all sorts of pre-programmed death patterns available for the technicians. Their goal is to create fatal arrhythmias to see if the heart and/or pacemaker can recover. Sometimes they burn scar tissue across the surface of the heart to reroute the analog electrical signals instead of making someone pacemaker dependent.

  2. Web Guy says:

    If only they wrote it in Rust! ;-)

  • Previously