The company stated that while the update is intended to improve cybersecurity through an additional layer of protection against unauthorized device access, it has not received any reports that any of its devices have been exploited remotely. Abbott also said that it has not identified any new vulnerabilities in its cardiac device portfolio.
The newly released firmware upgrade includes an enhanced device-based battery performance alert, Abbott said, which aims to improve battery performance management with certain implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators.
The battery update will allow for the monitoring of abnormal battery behavior and will vibrate to alert patients if abnormal behavior is detected. Abbott said the capability was previously limited to its Merlin.net remote monitoring systems.
The initial improvements came after St. Jude warned in late 2016 of battery issues that could disable high-voltage cardiac rhythm management devices, with two deaths reported in relation to the issue. Those warnings followed a short-seller-fueled scandal about alleged cybersecurity vulnerabilities in the St. Jude devices.
Short-selling firm Muddy Waters and a cybersecurity firm in August 2016 alleged that major flaws in the CRM devices exposed them to a cybersecurity risk, but only after taking short positions on STJ’s stock. St. Jude later sued Muddy Waters and the hacking shop behind the report, after the sides traded accusations about its accuracy (which independent researchers found had “major flaws” – but not before STJ shares lost about 5% of their value).
Abbott said it is communicating with regulatory authorities to implement the upgrades, which will be available over the next several weeks. The company went on to recommend that all eligible patients should pursue the upgrades.
The cybersecurity update applies to the company’s Fortify, Fortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura, Unify Quadra, Promote Quadra and Ellipse systems, while the battery update applies to Fortfiy, Fortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura and Unify Quadra devices manufactured between January 2010 and May 2015.
“Technology and its security are always evolving, and this firmware upgrade is part of our commitment to ensuring our products include the latest advancements and protections for patients,” Abbott medical devices exec VP Robert Ford said in a press release.