St. Jude Medical updated its implantable cardiac devices after the Food and Drug Administration said they were vulnerable to hackers.
An FDA statement said cyber intruders could have attacked pacemakers and defibrillators by draining their batteries or making them send out the wrong pacing or shocks. That could be life-threatening.
The problem should be fixed now, and it appears no devices actually got hacked. But medical devices with lax security are surprisingly common.
In October, Johnson & Johnson notified more than 100,000 patients that their insulin pumps could be vulnerable to hackers, who could change a pump's dosage or shut it down entirely.
And it's not just devices attached to people's bodies. One hacking expert said most hospitals are more than 10 years behind on cybersecurity practices.