A Heart-Stopping Discovery: Pacemakers at Risk

“Software is eating the world” – perhaps no other phrase better sums up the era in which we live. In this increasingly interconnected world, new software-driven technologies continue to revolutionize every aspect of our lives. One important consequence of this innovation has been the rise of smarter medical devices, such as software-controlled pacemakers, which have contributed towards increasing the average life expectancy in the US every year for nearly the past quarter century. Now these life-giving devices, to which many owe their lives, are squarely in the crosshairs of hackers.

On August 29th, the US Food and Drug Administration issued a recall of St. Jude Medical pacemakers, stressing that the means to conduct an attack on these pacemakers are easily and commercially available today. The attack is reportedly easy to carry out, and the potential consequences are grim: hackers would have the ability to either drain the battery or administer incorrect pacing, with either attack resulting in a sudden cardiac arrest. Such an event can easily prove fatal if proper medical care is not administered immediately.

While no cases have been reported thus far, all pacemakers of the recalled model require an update to their firmware, one that allows only verified parties to make changes to their settings. This process will no doubt carry a hefty price, both in time spent and in resources used to carry out the modification. The lack of a secure path to quickly update the settings of these devices is a key issue in this case, once again stressing the necessity for seamless over-the-air updates in modern technology.

The FDA has set a strong example: no longer shall cybersecurity be treated as an inconvenience. It is of utmost importance that device manufacturers, physicians, and patients all heed this warning. Trillium agrees, and looks forward to a world in which every device is safe from hackers, but until that day, we must strive to improve cybersecurity in not just one industry, but in every industry. Trillium’s portfolio of lightweight, scalable, and effective cybersecurity solutions was created with this goal in mind.