Implantable cardiac device firmware cannot be updated without surgery

Most implantable cardiac defibrillators (ICDs) and pacemakers run firmware that cannot be patched over the air, so when a critical software bug is discovered, patients face a choice between living with the defect or undergoing invasive replacement surgery. In 2017, the FDA recalled 465,000 Abbott pacemakers for a firmware vulnerability that could allow an attacker to drain the battery or alter pacing, but the wireless update process itself carried a small risk of device malfunction during installation. Patients were stuck choosing between a cybersecurity risk and a procedural risk, with no good option. The problem persists because device manufacturers design for regulatory approval at a fixed firmware version rather than for ongoing software lifecycle management, and the FDA's pre-market clearance model has no mechanism to mandate secure-update-capable architectures.

Evidence

https://www.fda.gov/medical-devices/safety-communications/firmware-update-reduce-risk-cyber-threats-abbott-formerly-st-jude-medical-implantable-cardiac
