Pacemaker Hacking: Good TV Plot, but Not Worth Alarming Patients

John Mandrola, MD


September 15, 2017

A new-age "problem" with a single brand of pacemakers is testing the bounds of shared decision-making and the role of paternalism in medical care.

The issue is that more than 400,000 Abbott (formerly St Jude Medical) pacemakers have a security vulnerability that could allow unauthorized access to device programming.

I used quotes around problem because this is a virtual or unrealized issue. No one has been injured or hacked to date. In a news release, Abbott admitted the problem and earlier this year, it released a software patch to its in-home monitoring devices.

The more definitive fix involves installing a firmware update directly to the pacemaker. This seems innocuous but it confers decidedly real and finite harms.

The key clinical questions: should doctors recommend this firmware update, or more provocatively, do we even ask the patient to share in this decision?

The reflex answer is of course, patients should know about the issue and share in the decision to get the firmware. But I don't think that is correct. Yes, in this case, I will defend paternalism.


Pacemakers worked well without the internet. At its core, a pacemaker does three things: it senses, paces, and tracks the upper chambers of the heart. Current-day pacemakers do these basics, but now the generators contain wireless technology that allows information transfer from the device to a home monitor, then to a company server, and then to doctors' offices.

Observational data suggests that this "remote" monitoring associates with better outcomes.[1] It makes sense: rather than looking for problems every 90 days when a patient comes for an in-person visit, remote monitoring allows real-time assessment for hardware problems or arrhythmia episodes.

Connectivity comes with costs; one is the security of the data. The crux of this issue centers on how secure is secure enough.

The history of how the Abbott security problem was found is relevant. The technology security company MedSec, in partnership with Muddy Waters, an investment firm specializing in shorting stock, discovered the problem in 2016. Rather than working with St Jude to fix the problem, the security firm went public.

At the time the company was shorting the stock, Muddy Waters founder Carson Block told investors that "tens of thousands of Americans are living with ticking time bombs: St Jude pacemakers and defibrillators that are easily compromised, causing potentially fatal disruptions."

Muddy Waters and MedSec contend that St Jude knew about these software vulnerabilities for years and failed to correct them.

In a safety communication in January 2017, the FDA confirmed the vulnerabilities but upheld the value of the home monitoring system. It also urged Abbot to remedy the problem. Four months later, the FDA issued a warning letter to Abbott charging that the company's remedies were not adequate.

Firmware Update

After the FDA warning letter, Abbott recently released a firmware update addressing the potential vulnerability.

In the Dear-Doctor letter, Abbott says the process of embedding this firmware into the pacer takes about 3 minutes. The device will operate in backup mode, which is unipolar single-chamber pacing at high output. (Some patients will experience discomfort during this pacing mode.)

But here is the zinger: "There is a very low rate of malfunction resulting from the update." These include but are not limited to loss of currently programmed device settings (0.023%) and complete loss of device functionality (0.003%). Abbott also recommends that if the patient is pacing dependent, doctors should "consider doing the update in a facility where temporary pacing or generator change are readily available."

What is clear from the language of that letter, especially the part about installing the firmware in an EP lab in dependent patients, is that this fix comes with a real risk of harm.

Fix Worse Than Problem

This scenario—balancing potential problems of human-made cardiac devices with their fixes—is an old one.

Again, history teaches us a lot. Earlier in my career, If there were a potential problem with a lead or generator, we replaced them. The lesson learned was that much more harm came from the surgeries for lead revisions and generator replacements.[2] Wisdom and nuance came only after many patients were harmed from the reflex to fix potential problems.

There are clear similarities to the current situation. Only this one deals with software rather than hardware. The cyber vulnerability would require an advanced hacking attempt from close physical proximity.

This may work in the fantasy world of TV drama; pacemaker hacking featured in a scene from Homeland . But in real life, the notion of hacking a pacemaker is silly. If someone wants to harm another human from close proximity, there are far easier ways than hacking a pacemaker.

What's more, isn't cyber security like bike locks? True security is a mere illusion, because any lock or password is vulnerable.

The Paternalistic Approach

If asked by affected patients, I am not recommending the firmware update. It's crazy to expose people to the inconvenience and risk of harm from a hastily made firmware update for something so nebulous as a potential hacking attempt.

I would also argue that there is no reason to bring this up to patients who don't ask. My reasoning is twofold:

First, I despise the creation of fear by healthcare professionals. Fear tilts the already-asymmetric balance of power in the doctor-patient relationship. If we scare our patients, they are more apt to succumb to our interventions. Fear crushes decision quality.

I see no reason to fear this issue. Not one person has been harmed. Most patients with pacemakers have other serious illnesses; they also come to my office in cars. Relative to these risks, a vulnerability to a sophisticated hack pales in comparison. Here I cite only common sense.

Another reason not to raise this issue is distraction. If we have 15 to 20 minutes with a patient with a pacemaker, it's dumb to waste precious time on ginned-up concerns about cyber security. Instead, we could talk about diet, exercise, life's stresses, medication issues, or maybe just make some human contact.

Security of medical data is an important matter, but this particular issue does not raise to the level of action. Patients pay doctors to be wise advisors—here the wise choice is to focus on more pressing health issues.



Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.
Post as: