A new report delving into a recent pacemaker recall suggests that everyone involved—patients, doctors, and device manufacturers—should learn lessons from the vulnerabilities discovered so far.
The report authors caution that other medical devices using similar technology could very well have the same type of problem, and they also note that, in this particular case, the industry and the US Food and Drug Administration (FDA) missed an opportunity to collect data on the effectiveness of the manufacturer’s process to take corrective action.
Suspicions were raised back in 2016 that the affected devices (six models of pacemaker from St. Jude Medical, now owned by Abbott), which can be accessed wirelessly, could be tampered with. Specifically, there were worries that someone could use remote wireless access to maliciously interfere with critical functions of the devices or cause the battery to drain more quickly than it should.
In January, the FDA issued a safety alert about potential vulnerabilities with a home base station used by Abbott pacemakers, noting that the manufacturer had developed a corrective software patch. There were no reports of patient harm at that time.
In August, a broader voluntary recall was issued for nearly half a million pacemakers across six models. Unlike many defective device recalls, this one did not require the replacement of the device, but instead could be done through a visit to the doctor’s office for a firmware update, reported to be a three-minute process.
The FDA has concerns that all medical devices that have any kind of remote control capability (usually offered through radio frequency or Wi-Fi communication) may be vulnerable to manipulation by unauthorized users.
The alerts include general cautions reminding people that, despite the advantages of this technology, “any medical device connected to a communications network (e.g. wi-fi, public or home Internet) may have cybersecurity vulnerabilities that could be exploited by unauthorized users.”
The authors of this report also note that the actual risk to patients remains unknown. In fact, even the failure rate during the software update process is only an estimate from the manufacturer. Those estimates—that close to two devices in 1,000 might have a problem during the update process, and that about three devices in every 100,000 could suffer total failure—can’t be confirmed.
A recall like the one affecting the Abbott pacemakers highlights many issues. There are larger concerns here beyond the devices involved, and many questions are still unanswered. Although no one is known to have been harmed in this case, dozens of Americans are injured each day by other dangerous or defective products, and it’s only through litigation in the civil court system that they receive restitution.
If you’re in the Salt Lake City area and need to discuss your case with an experienced defective product attorney, give Craig Swapp & Associates a call at 1-800-404-9000 or fill out the form below. There is no charge or obligation for this consultation.