The FDA said that, while there are no known reports of patients being harmed by cybersecurity vulnerabilities, there's still an increased risk that those vulnerabilities could be exploited by an unauthorized user accessing a patient's device.
"The FDA recommends that patients and their healthcare providers discuss the risks and benefits of the cybersecurity vulnerabilities and the associated firmware update created to address such vulnerabilities at their next regularly scheduled visit".
In a letter sent to doctors (downloadable.PDF), Abbott - which acquired St. Jude Medical in 2016 - admitted the update could not be delivered over the air and requires roughly three minutes in the presence of the patient to download and install while in backup mode.
The FDA and Abbott do not recommend removal of the devices, according to the safety update.
Taylor Swift sent flowers to music video dancers
Throughout the sultry, cynical track Taylor calls out Kanye West , Katy Perry , The Grammys , and pretty much anyone that has burned her in the past.
Samsung Gear Fit2 Pro hands-on review
There's a decent 4GB of storage per earbud letting you store music and leave your phone behind, which is good news. It also features Running Coach function that provides in-ear audio exercise status updates in real-time.
Trump says tax overhaul will 'bring back Main Street'
He said it would provide tax relief for middle-class families, boost economic growth, and bring business back to the US. But he said the president broke that promise by pushing for a bill that "guts healthcare for millions".
"Because all networked medical devices are potentially vulnerable to cybersecurity threats, the FDA has been working diligently with device manufacturers and other stakeholders to ensure the benefits of medical devices to patients continue to outweigh any potential cybersecurity risks", he said in a release, calling for "multi-stakeholder engagement" in managing medical device cybersecurity risks.
The vulnerability affects devices made by Abbott's (formerly St. Jude Medical's) that are radio frequency-enabled. As part of this discussion, it is important to consider each patient's circumstances, such as pacemaker dependence, age of the device, and patient preference, and provide them with Abbott's Patient Communication. Based on Abbott's data, there's a 0.161 percent chance the update reloads old firmware due to an incomplete update; a 0.023 percent chance that the update will wipe programmed device settings; a not reported chance of loss of diagnostic data; and a 0.003 percent chance the device becomes bricked.
The company also says the risks of performing the update are low based on its previous experience with firmware updates.
There is further information on the firmware update available online, or Abbott's hotline at 800-722-3774.
The patch comes eight months after Abbott released an update meant to fix a vulnerability with the device now providing pacemaker authorization, namely Merlin@home Transmitter.