Pacemakers 'Recalled' Amid Hacking Concerns

John Lister's picture

Around 465,000 pacemakers have been 'recalled' over hacking fears. However, the St Jude Medical brand devices will be patched with a software update rather than removed and replaced.

The pacemakers are radio controlled to allow doctors to alter the specific rhythm they aim for when regulating a heart beat. This radio control means doctors can adjust to the patients changing needs without the need to remove the pacemaker for alterations. That's important as the surgery for such a removal is inherently risky.

No Signs Of Hack Attacks

While the precise details haven't been revealed for obvious reasons, the way in which doctors can wireless issue commands to the pacemaker turns out to have a security flaw. That could allow a hacker to get unauthorized access and either switch off or adjust the pacemaker's rhythm, either of which is potentially fatal.

There's no evidence that any hackers were aware of the details of the vulnerability or have sought to exploit it. The manufacturers say the Department of Homeland Security concluded a successful attack would "require a highly complex set of circumstances." However, the risk is being taken seriously, given that a successful hacker could use the vulnerability to carry out an extortion scheme.

Doctors Must Issue Update

Two research firms have highlighted the potential weaknesses in the pacemakers. One took the unusual approach of not informing the manufacturers until after tipping off an investment firm, which then 'shorted' the manufacturer's stock: in effect betting that the price would fall. The researchers said the approach was justified because it caused a financial shock that better got the manufacturer's attention. (Source:

The update must be issued by the healthcare professionals that fitted the pacemakers and have the ability to alter the settings. Users have been advised to talk to their doctors at their next scheduled visit. As well as the 465,000 pacemakers covered by the FDA 'recall', another 280,000 pacemakers fitted in patients outside the US could receive the update. (Source:

What's Your Opinion?

Does this sound like a serious risk or just a case of safety first? Should medical professionals face tighter regulations on the security of wirelessly-controlled medical devices? Is the risk of hacking an inevitable price for having smarter technology in healthcare?

Rate this article: 
Average: 4.5 (4 votes)


dan400man's picture

It's not a serious risk for anyone without a pacemaker, which I'm gonna guess the vast majority of shareholders in the companies that make pacemakers. So, tipping off an investment firm about the problem was a genius move. Money talks!

Even if there was little risk that someone with the knowledge necessary to hack into these pacemakers and is also a demented sicko, imagine the life change of someone who has a pacemaker learning about this threat. Without a good understanding of the threat, I imagine many would shrink under the threat, as little as it probably is.

hrleno's picture

This very exploit was shown on the series 'Homeland' where a hacker killed the VP of the U.S. for political means. It's a known exploit.