About 740,000 implantable heart defibrillators made by St. Jude Medical are slated to receive software updates after 11 recalls were issued, calling for additional cybersecurity protections, according to the StarTribune.
Several of St. Jude Medical's implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators are eligible for new firmware that would offer "an additional layer of protection against unauthorized device access," the StarTribune reports.
Many of the devices use wireless communication tools to remotely monitor patient health and device status, but those features could be vulnerable to malware hacks. Despite the planned upgrades, no attack on these devices has been reported.
The older device models without the communications feature are not eligible for the cybersecurity firmware update. For patients with the older model, the company recommends "a discussion of the risks of cybersecurity vulnerabilities and proven benefits of remote monitoring with patients at their next regularly scheduled visit. RF communication may be permanently disabled in devices not eligible for firmware updates during an in-clinic device interrogation with a programmer that has received the software update," according to the StarTribune.
The affected devices include:
- 139,351 Ellipse ICDs;
- 72,673 Quadra Assura CRT-Ds;
- 40,738 Unify CRT-Ds;
- 81,338 Fortify ICDs;
- 37,485 Promote ICDs;
- 131,093 Fortify Assura ICDs;
- 71,651 Current ICDs;
- 10,425 Promote Quadra ICDs;
- 22,132 Unify Quadra CRT-Ds;
- 68,117 Quadra Assura MP CRT-Ds; and
- 65,048 Unify Assura CRT-Ds.