The US FDA has approved a firmware update that is now available and is intended as a corrective action (recall), to reduce the risk of patient harm due to premature battery depletion and potential exploitation of cybersecurity vulnerabilities for certain Abbott implantable cardiac defibrillators (ICDs) and cardiac resynchronisation therapy defibrillator (CRT-Ds). “Firmware” is a specific type of software embedded in the hardware of a medical device (e.g. a component in the defibrillator).
This firmware update includes mitigations to addresses two separate issues: 1) a device-based Battery Performance Alert to detect rapid battery depletion in devices subject to the Battery Advisory from October 2016; and 2) updates to address cybersecurity vulnerabilities across Abbott’s radio frequency (RF) enabled ICDs and CRT-Ds.
Abbott’s (formerly St. Jude Medical) implantable cardioverter defibrillators (ICDs) and cardiac resynchronization therapy defibrillators (CRT-Ds) are devices that provide pacing for slow heart rhythms, and electrical shock or pacing to stop dangerously fast heart rhythms.
ICDs and CRT-Ds are both implanted under the skin in the upper chest area with connecting insulated wires (“leads”) that go into the heart. A patient may need an ICD or CRT-D if their heartbeat is too slow (bradycardia), too fast (tachycardia), or needs coordination to treat heart failure.
The FDA recommends that all eligible patients receive the firmware update at their next regularly scheduled visit or when appropriate depending on the preferences of the patient and physician.
For the purposes of this safety communication, cybersecurity focuses on protecting patients’ medical devices and their associated computers, networks, programs, and data from unintended or unauthorised threats.