Through its prior acquisition of St. Jude Medical, Abbott has become a major manufacturer of implantable cardiac defibrillators, pacemakers, and “cardiac resynchronization therapy devices,” and the FDA’s warning letter focused on these types of devices. How is it that, according to the FDA, Abbott’s cardiac devices are alleged to be in violation of the FDCA? The potential cyber-vulnerabilities of implanted cardiac devices first received public attention through, of all things, a Homeland episode that aired in December 2012. The issue of cyberattacks against implantable cardiac devices again resurfaced in late August 2016, when Muddy Waters, a research and trading firm, not only disclosed that it had taken a short position on St. Jude, but also issued a detailed report alleging that testing of St. Jude’s implantable cardiac devices had shown them to be vulnerable to cyberattacks that could cause the device to “pace” at a dangerous rate or cause a harmful drain of the devices’ batteries. It was on the relative heels of this safety notice that the FDA issued its April 12, 2017 warning letter to Abbott regarding the alleged failure of Abbott to adequately describe the cyber-risks that its cardiac devices presented.

Source: Forbes April 26, 2017 15:33 UTC