CoMMEnT
Cybersecurity and cardiac implantable
Division of Cardiology,
Queen’s University, Kingston,
Ontario, Canada.
✉e-mail: adrian.baranchuk@
kingstonhsc.ca
https://doi.org/10.1038/
s41569-020-0372-1
Nature Reviews | Cardiology
electronic devices
Bryce Alexander    and Adrian Baranchuk ✉
Cybersecurity vulnerabilities of cardiac implantable electronic devices have been an area
of increasing concern in the past 4 years. Physicians should be informed of these issues
as they evolve so they can counsel their patients with the most accurate and up-to-date
information.
Cybersecurity risk of Abbott CIEDs
Cybersecurity vulnerabilities of cardiac implanta-
ble electronic devices (CIEDs) have been an area of
increasing concern to the medical community and
the general public in the past 4 years (Fig. 1). The first
major event that drew attention to the cybersecurity
risks of CIEDs occurred in 2016, when a ‘battery drain’
attack and a ‘crash’ attack were demonstrated in several
models of pacemakers from St. Jude Medical (now part
of Abbott) by the cybersecurity research firm MedSec
and the due diligence-based investment firm Muddy
Waters1. After the publication of their report, Ransford
and colleagues attempted to replicate the crash attack
experimentally but were unable to reproduce any clin-
ically significant adverse effects2. Using their experi-
mental model, which involved exposing the CIED to
2 h of high-volume radio traffic in close proximity, the
investigators found that the CIED stopped sending
radio telemetry and was unresponsive to interroga-
tion after activation of a battery-saving mechanism.
However, a hardwired test circuit connected to the
target CIED confirmed that the device continued to
pace appropriately at its previously programmed rate2.
Additionally, by moving the CIED to a different loca-
tion in the same room, normal device communication
was restored. In response to these reports, the FDA
issued a safety communication outlining potential
vulnerabilities of certain Abbott implantable cardiac
pacemaker products to cyberattacks. In turn, Abbott
responded by designing a firmware upgrade for the
pacemakers designed to fix these security susceptibil-
ities, which was non-invasive and could be completed
in less than 3 min during a standard clinical visit3.
Importantly for patients, the firmware upgrade itself
was released, and several small potential risks were
identified. Abbott estimated a 0.003% risk of complete
loss of device function, a 0.023% risk of loss of device
settings and a 0.161% risk of update failure3. Clinicians
were asked to discuss the risks and benefits of the pace-
maker firmware upgrade with patients on an individual
basis before deciding to proceed with implementation.
Guidance from major societies
After the release of the initial report on the cybersecu-
rity vulnerabilities, major cardiology and electrocardiol-
ogy societies offered guidance to physicians on potential
courses of action. The ACC Electrophysiology Section
Council released an article outlining the cybersecurity
risk events and encouraged the implementation of a
shared decision-making model that engages the patient
in conversation and shared decision-making4. Emphasis
was given to a balanced approach given that, to date,
no real-world cases of CIED hacking had occurred.
Furthermore, the attempt to scientifically reproduce the
findings of the Muddy Waters report was unsuccessful
in replicating any of the harmful effects2, but the initial
short-sell report had obvious financial motivations5.
The Heart Rhythm Society followed a similar strategy to
that of the ACC, recommending that doctors engage in
conversations with patients about this subject and weigh
the risks of the cybersecurity vulnerabilities of CIEDs
and the risks and benefits of the firmware upgrade
before installation6.
Patient acceptance of firmware upgrades
After the release of the firmware upgrade for Abbott
implantable cardiac pacemakers, additional data were
collected on the attitudes of patients and physicians
towards acceptance of the firmware upgrade and asso-
ciated complication rates. Saxon and colleagues reported
that only 25% of 10,854 patients assessed in the USA
chose to proceed with the upgrade when informed of
the risks and benefits7. A Canadian cohort had an even
lower acceptance rate of only 3.9% of 155 patients after
the risks and benefits of the firmware upgrade were
explained in a systematic manner that was endorsed
by the Canadian Heart Rhythm Society8. Complication
rates in patients who received the firmware upgrade
were low in both studies, with no reported cases of com-
plete loss of device function. Post-firmware upgrade data
reported to the FDA by Abbott indicated that the rate of
incomplete firmware upgrade with the device remaining
in backup mode was 0.62%, with only a small proportion
Comment
October: FDA releases a safety communication
regarding Medtronic CIED programmers
July: Heart Rhythm Society leadership publishes an
article with communication strategies
April: release of firmware upgrade
for Abbott ICDs January: Medtronic
August: release of releases first round
Muddy Waters report March: ACC Electrophysiology of software updates
on CIEDs cybersecurity Section Council publishes guidance to address some of
vulnerabilities on cybersecurity for CIEDs the affected CIEDs
2016 2017 2018 2019 2020
March: FDA releases a safety
January: FDA releases communication
regarding Abbott cardiac pacemakers communication regarding
Medtronic ICDs and CRT-Ds
July: Ransford et al. publish a study that could
not replicate one of the attacks in an
experimental setting
August: release of firmware upgrade for
Abbott pacemakers
Fig. 1 | Timeline of cybersecurity vulnerabilities identified for CiEds. The first
major event that first drew attention to the cybersecurity risks of cardiac implantable
electronic devices (CIEDs) occurred in 2016 when a ‘battery drain’ attack and a ‘crash
attack’ were demonstrated in several models of pacemakers from Abbott. Since then,
potential vulnerabilities of Medtronic CIED programmers have also been identified and
addressed. CRT-D, cardiac resynchronization therapy defibrillators; ICD, implantable
cardioverter defibrillators.
of patients (0.14%) experiencing noticeable discomfort
as a result of this upgrade failure.
In April 2018, the FDA released a separate security
bulletin regarding Abbott’s radiofrequency-enabled
implantable cardioverter defibrillators (ICDs) and car-
diac resynchronization therapy defibrillators (CRT-Ds)9.
This report was released on the basis of the identification
of a potential vulnerability that might allow an attacker
to change the device settings remotely with the use of
easily obtainable equipment. However, in this case the
firmware upgrade released by Abbott was coupled with
an additional update designed to warn patients if their
device experienced premature battery failure owing to
lithium clusters forming within the battery, a separate
issue that had been previously identified by Abbott and
the FDA. Given that physicians were advised to imme-
diately replace any devices triggering the battery perfor-
mance alert, the FDA took a stronger stance and advised
that the firmware upgrade should be implemented in
all eligible patients. Expected complication rates with
this firmware upgrade quoted by Abbott were similar
to the previous pacemaker firmware upgrade advi-
no cases of sory and physicians were again encouraged to inform
patients about the risks and benefits of the firmware
actual harm as upgrade3. Initial experience with the ICD and CRT-D
a result of any upgrades in a Canadian patient population revealed a
of the identified high rate of acceptance among patients (85.5%), prob-
cybersecurity ably owing to this upgrade bundling10. Again, com-
plication rates after firmware upgrade were low, with
issues of CIEDs 1.4% of devices experiencing reloading of the previous
have been firmware version owing to an incomplete upgrade. As
reported with the previous firmware upgrade, no device failures
were observed.
Cybersecurity risk of Medtronic CIEDs
In October 2018, additional cybersecurity vulnerabilities
were identified in Medtronic CareLink and CareLink
Encore programmers, which were used by physicians
to retrieve device performance data, check battery sta-
tus and adjust or reprogram device settings in a CIED.
The FDA confirmed that the vulnerabilities could allow
an unauthorized user to change the functionality of the
implanted device. As in the Abbott case, Medtronic
released a software upgrade that disabled the program-
mer from accessing the Medtronic network while retain-
ing USB functionality. A separate update was released in
March 2019 for ICDs and CRT-Ds from Medtronic. The
FDA was able to confirm cybersecurity vulnerabilities in
Medtronic Conexus wireless telemetry protocol caused
by a lack of encryption, authentication or authorization
protocols, which potentially allowed malicious users to
change device settings9. This telemetry protocol could
only be activated by the patient’s health-care provider
at a clinic, and an unauthorized user would need to be
close to an active device, monitor or programmer to take
advantage of these vulnerabilities. In response to this
vulnerability, Medtronic issued a security bulletin stat-
ing that they were working on software updates to mit-
igate these vulnerabilities. In January 2020, Medtronic
released the first round of software updates to address
some of the affected devices. Of note, the FDA recom-
mended that patients continue to use their home mon-
itors as the benefits of remote wireless monitoring far
outweighed the practical risk of an unauthorized user
exploiting these vulnerabilities.
Conclusions
Together, these cases illustrate the increasing concerns
in the public domain about the cybersecurity of CIEDs.
What was previously mostly of academic interest rele-
vant to CIED companies and programmers has gained
widespread public attention. As a result, physicians
might be asked by patients to provide accurate and
informed knowledge on these issues. Given that many
patients rely on these devices for life-sustaining ther-
apies, any concerns related to these devices should be
addressed promptly and fully. Guidance on conversa-
tions between physicians and patients has been pub-
lished by major cardiovascular societies4. Importantly,
to date, no cases of actual harm as a result of any of
the identified cybersecurity issues of CIEDs have been
reported. However, although the odds of an actual cyber-
security attack on a CIED are extremely low, the con-
sequences of an attack could be devastating to patients
and, therefore, patients must have access to all the avail-
able information before deciding on a course of action.
Effective firmware upgrades are already available and
being used on a widespread basis, and no clinically sig-
nificant harmful effects have been associated with the
firmware rollouts. Additionally, new devices that are
implanted de novo already have the firmware upgrade
and are not affected by the currently identified vulner-
abilities. Specialists dealing with CIEDs have become
aware of these issues and are becoming more versed in
discussing them with patients and device companies. All
stakeholders that are involved in CIED implantation,
www.nature.com/nrcardio
 Comment

including manufacturers, information technology spe- patches are not vaccinations! J. Am. Coll. Cardiol. 72, 127–128
(2018).
cialists and physicians, should work together to ensure 6. Slotwiner, D. J. et al. Cybersecurity vulnerabilities of cardiac
that the highest level of protection is provided to the implantable electronic devices: communication strategies for
clinicians-Proceedings of the Heart Rhythm Society’s Leadership
patient. Physicians should stay informed of these issues Summit. Heart Rhythm 15, e61–e67 (2018).
as they evolve so they are best able to counsel patients. 7. Saxon, L. A., Varma, N., Epstein, L. M., Ganz, L. I. & Epstein, A. E.
Factors influencing the decision to proceed to firmware upgrades to
1. Alexander, B., Haseeb, S. & Baranchuk, A. Are implanted electronic implanted pacemakers for cybersecurity risk mitigation. Circulation
devices hackable? Trends Cardiovasc. Med. 29, 476–480 (2018). 138, 1274–1276 (2018).
2. Ransford, B. et al. Cybersecurity and medical devices: a practical 8. Baranchuk, A. et al. Pacemaker cybersecurity. Circulation 138,
guide for cardiac electrophysiologists. PACE - Pacing Clin. 1272–1273 (2018).
Electrophysiol. 40, 913–917 (2017). 9. FDA. Cybersecurity updates affecting Medtronic implantable cardiac
3. FDA. Firmware update to address cybersecurity vulnerabilities device programmers: FDA safety communication. FDA https://www.
identified in Abbott’s (formerly St. Jude Medical’s) implantable fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm623184.htm
cardiac pacemakers: FDA safety communication. FDA (2018).
­­­­­­­­ ­­­­­­­­­­­­­­­­­­­­­­­a­.­g­o­v­/­m­e­d­i­c­a­l­-­d­e­v­i­c­e­s­/­s­a­f­e­t­y­-­c­o­m­m­u­n­i­c­a­t­i­o­n­s­/­
h­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­t­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­t­­­­­­­­­­­­­­­­­­­­­­­­­­­p­s­:­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­//ww­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­w­.f­­­­­­­­­­­­­­­­­­­­­­­­­­­­­ ­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­d 10. Alexander, B. et al. ICD-cybersecurity. Circ. Arrhythmia Electrophysiol.
f­­i­r­m­w­ar­­e­-­u­p­d­a­t­e­-­a­d­d­r­e­ss­­-­c­yb­­e­r­se­­c­u­ri­­ty­-v­ul­ne­ra­bi­lities-identified- 13, e008261 (2020).
abbotts-formerly-st-jude-medicals (2017).
4­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­.­­­­­­ Baranchuk, A. et al. Cybersecurity for cardiac implantable electronic Competing interests
devices. J. Am. Coll. Cardiol. 71, 1284–1288 (2018). A.B. has received two unrestricted grants from Abbott to conduct clinical
5. Baranchuk, A., Refaat, M. M., Chung, M. K., Fisher, J. D. & research relating to cardiac implantable electronic device cybersecurity.
Lakkireddy, D. Cyberattacks and cardiac devices: firmware B.A. declares no competing interests.

Nature Reviews | Cardiology