We have previously reported on the ongoing cybersecurity issues with St. Jude defibrillators [view related posts here, here, and here].

On June 29, 2018, the Food and Drug Administration (FDA) classified the required firmware updates to St. Jude defibrillators as Class 2 recalls, which is the medium-severity category of classifications that is applicable to issues where adverse health consequences are considered temporary or reversible.

The manufacturer of the defibrillators is pushing the firmware updates to approximately 740,000 units that are able to accept the update. The communication system to older devices that can’t accept the update will be disabled. Therefore, both the FDA and the manufacturer are recommending that patients with implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators get the updates during their next doctor’s visit.

Obviously, patients with older units should consult with their physician about next steps if their communication system will be disabled. The manufacturer recommends “a discussion of the risks of cybersecurity vulnerabilities and proven benefits of remote monitoring with patients at their next regularly scheduled visit.”