Philadelphia, January 20, 2022 – A case study of a patient who experienced inappropriate shocks from her defibrillator is presented in Heart Rhythm Case Reports, an official journal of the Heart Rhythm Society, published by Elsevier. This event likely took place because an FDA-recommended firmware update to strengthen cybersecurity had not occurred. This underscores the importance of upgrading firmware of Abbott devices according to FDA recommendations.
The patient, with an Abbott Fortify AssuraTM implantable cardioverter-defibrillator (ICD) with a Merlin@homeTM radiofrequency communicator, presented to the emergency department after receiving two shocks from her ICD without preceding symptoms. She had a history of atrial fibrillation with rapid ventricular response.
The patient was enrolled in at-home remote monitoring for her device and had frequent in-person device checks; however, the patient’s device had outdated ICD firmware.
Ad Statistics
Times Displayed: 348574
Times Visited: 21068 MIT labs, experts in Multi-Vendor component level repair of: MRI Coils, RF amplifiers, Gradient Amplifiers Contrast Media Injectors. System repairs, sub-assembly repairs, component level repairs, refurbish/calibrate. info@mitlabsusa.com/+1 (305) 470-8013
In August 2016, Muddy Waters LLC, an investment firm that conducts investigative research on public companies, released a report claiming that certain St. Jude Medical/Abbott cardiovascular implantable electronic devices (CIEDs) were vulnerable to cyberattack through the Merlin@home™ radiofrequency remote monitoring system, which allows care teams to review medical and technical information about the patient and the device without an in-person visit. Senior investigator Vineet Kumar, MD, FHRS, Division of Cardiac Electrophysiology, Inova Heart and Vascular Institute, Falls Church, VA, USA, explained, “Cyberattack of CIEDs could affect patients’ confidentiality, interrupt remote monitoring, and even harm patients by changing device settings or promoting early battery depletion.”
Consequently, St. Jude Medical/Abbott released a software patch for the radiofrequency communicator, which was successfully programmed remotely into nearly 100% of actively used Merlin@home™ radiofrequency communicators. The company later released firmware updates to strengthen cybersecurity performance in the devices themselves. This requires an in-person visit to the healthcare provider, but it takes only three minutes to complete and is rarely associated with complications. Still, the firmware has only been updated in 24% of eligible devices. Because no harm is known to have been caused by a CIED cyberattack, deferring the firmware update may not have been prioritized for many patients. Additionally, reports have emerged showing that the firmware update may cause irreversible device malfunction with an incidence of 0.003%.
