The Food and Drug Administration (FDA) has warned medical device maker Abbott that it must submit a plan to address any cybersecurity issues and other safety issues identified in cardiac devices from the company’s recently acquired St Jude Medical.
Cybersecurity
The FDA sent a letter on 12 April which stated Abbott failed to ‘establish and maintain procedures for implementing corrective and preventive action’ for issues surrounding battery depletion in devices and cybersecurity vulnerabilities which could impact patient health.
The findings come from an inspection which took place in February at former St Jude Medical facilities in Sylmar California.
The FDA highlighted a number of issues including several violations of FDA regulations concerning the company’s failure to maintain procedures regarding product design and correcting device problems.
Abbott also failed to include details of assessments carried out by a third-party into the company’s cybersecurity risk assessments for high voltage and peripheral devices. The company also distributed devices that were under recall.
In a response to the letter and speaking to ISMG, Abbott said “At Abbott, patient safety comes first. We have a strong history and commitment to product safety and quality, as demonstrated by our operations across the company."
“The FDA inspection of the Sylmar facility, formerly run by St. Jude Medical, began on Feb. 7; and we responded to the 483 observations on March 13, describing the corrective actions we are implementing. We take these matters seriously, continue to make progress on our corrective actions, will closely review FDA's warning letter, and are committed to fully addressing FDA's concerns."