Abbott Laboratories has recalled approximately 50,000 implantable cardiac monitors due to a Bluetooth security vulnerability that could allow unauthorized access to patient health data. The FDA has classified this as a Class I recall.

The affected Confirm Rx insertable cardiac monitors use Bluetooth to transmit heart rhythm data to a smartphone app. Security researchers discovered that the Bluetooth pairing protocol could be exploited to intercept or manipulate transmitted data within a range of approximately 30 feet.

No evidence of exploitation has been found in clinical use, and the vulnerability does not affect the monitor's ability to record cardiac data or deliver therapy. However, the potential for unauthorized data access and the theoretical possibility of data manipulation warranted the highest recall classification.

Abbott is issuing a firmware update that patches the Bluetooth vulnerability and adds encrypted communication. Patients must visit their cardiologist's office for the update, which takes approximately 15 minutes via the programming device.

The recall underscores growing cybersecurity concerns with connected medical devices. The FDA has issued updated guidance requiring all new connected medical devices to include cybersecurity plans as part of their premarket submissions.