St. Jude Medical
Owners:
Abbott Laboratories
Owners
2021: Abbott to pay tens of millions to sell notoriously defective medical devices to St. Jude Medical
In July 2021, Abbott agreed to pay $66 million to settle litigation initiated by the US Department of Justice against its own subsidiaries under the False Claims Act.
In particular, the manufacturer of medical equipment will pay $38.75 million at the request of the federal court of Newark (New Jersey) to settle a lawsuit related to a subsidiary of Alere, and $27 million to settle a lawsuit in the case of a subsidiary of St. Jude Medical in federal court of Maryland. Read more here.
2017
Lawsuit over defective defibrillators
In September 2017 , Alaska's Medical Employees Pay Fund sued Abbott Laboratories, accusing the St. Jude Medical subsidiary of not wanting to notify the public and regulators of incorrect operation of heart devices.
The lawsuit, sent to the federal court of Illinois, says that St. Jude knew about the sale in the United States of more than 250 thousand implantable defibrillators, whose batteries can suddenly discharge, thereby turning off the device without warning or with a short notice. Abbott acquired St. Jude three months after the recall campaign began, so it is Abbott who is the defendant in court.
Although the lawsuit is filed on behalf of one organization, it may receive collective status, as its initiators urge insurance companies to unite in this case. According to the plaintiffs, insurers paid hundreds of millions of dollars in compensation to users of defective St. Jude medical equipment sold between 2011 and October 2016.
Abbott called this complaint unfounded and noted that St. Jude defended its decision to postpone the recall of implants until October 2016, saying that company management and consultants are trying to confirm the presence of a rare but serious problem as soon as possible.
The lawsuit lists 10 claims, including the manufacturer's refusal to warn of known defects, violation of warranty terms, negligence and illegal enrichment. In addition, it points to a violation of the current Minnesota Consumer Deception Prevention Act, when the company until October 2016 "fraudulently neglected" long-known facts about problems with device batteries.
 | Had the defendants not neglected or misrepresented flaws in the recalled devices, doctors would not have used them. Consequently, the plaintiff and others involved in the nationwide complaint would not incur the costs of returning the equipment, surgical removal and replacement of the devices, and other costs, the lawsuit states. |  |
According to its initiators, St. Jude received 42 messages indicating premature battery discharge between 2011 and 2014. In 2014, it became known about the death of the patient due to this problem.
The Star Tribune writes that in June 2015, St. Jude redesigned batteries in its heart devices, thereby confirming its awareness of the malfunction. These changes were approved by the Food and Drug Administration (FDA), but the regulator did not require an immediate product recall, since the proportion of defective products was small and did not exceed the values of other similar models. The spread of the problem accelerated only later, which led to a massive recall of the company's devices.
According to data that St. Jude provided by May 31, 2017, 616 of 398,740 implantable defibrillators sold worldwide had a drawback related to discharging batteries for no apparent reason. In total, the manufacturer is aware of two deaths.
The recall includes models such as Fortify, Fortify Assura, Quadra Assura, Unify, Unify Assura and Unify Quadra, which were produced until May 2015. Abbott says that patients using these devices do not have to de-implant them instantly. It is recommended that you first consult a doctor for advice and use additional devices that provide remote monitoring of battery charging levels.
St. Jude and the FDA do not recommend replacing defibrillators as a prevention because the process involves surgery and carries a risk of complications.[1]
Release of update that fixes vulnerability in pacemakers
At the end of August 2017 Food and Drug Administration (FDA) , it issued an official warning about the existence of vulnerabilities in the company's pacemakers (Abbott formerly St. Jude Medical). The manufacturer responded to a message from the authorities and released a software update that fixes the shortcomings of its equipment.
According to the FDA, about 465 thousand pacemakers have vulnerabilities that allow attackers to gain remote access to devices and change their speed or drain the battery in a short time. From what distance it is possible to hack a medical device is not specified. At the same time, the regulator is not aware of any case of unauthorized access to pacemakers.
| | Exploitation of these vulnerabilities allows an unauthorized user to gain remote access to an implanted patient RF-code device by replacing the Merlin @ home transmitter. Such a Merlin @ home transmitter can be used to modify the software commands of the implanted device, which can lead to depletion of its battery, as well as the establishment of an incorrect heart rate or incorrect discharge, the FDA said in a statement. | |
The FDA does not recommend removing vulnerable pacemakers, but advises their owners to discuss the need to update the firmware with their healthcare provider.
On August 29, 2017, Abbott announced the release of a firmware that fixes a specified vulnerability in Accent, Anthem, Assurance and Allure pacemakers. These devices, judging by the information on the website of the Russian representative office of Abbott, are not sold in Russia. The company's Russian office did not respond to Zdrav.expert's request by the time of publication.
Updating ON in pacemakers must only be carried out by doctors. To install a new firmware, the device connects to a computer system and switches to data backup mode.[2]
Experts suggest that the number of devices and gadgets sewn into the human body will grow. Pavel Volchkov, deputy head of the consulting department of the Information Security Center of Jet Infosystems, believes that IT companies can help medical device manufacturers cope with cyber threats.
"First of all, this is an independent analysis of the security of medical equipment, in fact, a legal hacking of equipment in order to identify vulnerabilities. In addition, IT companies can help their experience in building secure development and vulnerability management processes," the expert said.
"This problem is also relevant for Russia, since we have our own serial production of the same pacemakers. One of the possible solutions is the presentation of special information security requirements established at the legislative level to manufacturing companies, "notes Pavel Volchkov.
"Perhaps someday a separate industry will appear - information security for humans - but this is a matter of a distant perspective, this should not be expected in the near future. Now antiviruses that protect a person from cyber attacks relate, rather, to the field of science fiction in the biopunk genre than to reality. Another question is that the presence of software vulnerabilities is an integral part of the life cycle of any software. Already, companies producing devices "embedded in humans" and software firmware for them should pay considerable attention to the issue of vulnerability management and safe programming methods in order to timely identify and eliminate various vulnerabilities, "commented Pavel Volchkov.
FDA criticism for problems in pacemakers
In April 2017, the Food and Drug Administration (FDA) sent an open letter to Abbott Laboratories criticizing the company for failing to investigate and address risks with heart devices. We are talking about battery malfunctions and cybersecurity problems.
Merlin @ home transceivers used in remote cardiac activity monitoring systems that connect to pacemakers and defibrillators made by St. Jude are susceptible to remote hacking, according to an FDA statement. Although the authorities are not aware of cases of use of the vulnerability by fraudsters, the FDA notes that Abbott hid at least one case of death of a patient using one of the manufacturer's heart devices.
Lithium batteries in some Abbott devices are unexpectedly discharging, and the company "underestimated the occurrence of a dangerous situation," according to the FDA.
Abbott said all of the issues described in the letter were relevant to the time before the St. Jude acquisition closed in January 2017. After that, the deadlines are completely eliminated.
| | We take these matters seriously, continue to adjust our actions, scrutinize the FDA report and commit to fully address all FDA concerns, "Abbott said in a statement. | |
The FDA, in turn, reported that Abbott did provide information on the timing of the elimination of defects, but the company did not prove that these actions were actually performed by it.
Due to criticism, the FDA may delay certification of new devices designed for MRI equipment, which Abbott expected to launch on the market in 2017. That will be in the hands of rivals including Medtronic and Boston Scientific, which are set to market similar products in the fourth quarter.[3]
US authorities for the first time publicly recognized the existence of vulnerabilities in pacemakers
On January 9, 2017, the Food and Drug Administration (FDA) acknowledged vulnerabilities in some cardiac implantable devices. Experts in the field of information security have repeatedly spoken about the existence of problems in this equipment that cybercriminals can use for their own purposes. Now they have been officially confirmed at the government level.
The FDA reported a vulnerability in Merlin @ home transceivers (transmitters) used in remote cardiac activity monitoring systems that connect to pacemakers and defibrillators manufactured by St. Jude. Transmitters constantly monitor data from the cardiac monitor and transfer everything to the secure site of the Merlin.net Patient Care Network, where it is available to treating doctors.
The U.S. government recognizes that Merlin-type monitors can be hacked to send modified commands for a patient's pacemaker or other device. With the right access, a hacker can do something to drain the pacemaker battery or affect patients' heartbeat.
The FDA does not know of one case of attack on St. Jude equipment using a vulnerability. At the same time, the manufacturer released a software update that fixes the malfunction. The new firmware is installed automatically, you just need to ensure that the device is connected to the network.
St. Jude said the company continues to work with the FDA to ensure the devices are safe.
Earlier, the FDA launched a review into the possible appearance of a vulnerability in St. Jude's cardiac devices to carry out a cyber attack that could be fatal.
2016
Abbott and St. Jude Medical sell part of the business for $1.1 billion to merge companies
In December 2016, it became known about the plans of Abbott Laboratories and St. Jude Medical to get rid of the release of several products in the field of treatment of cardiovascular diseases in order to complete the merger of the companies.
According to Bloomberg, citing a joint statement by Abbott and St. Jude Medical, the merger of the companies was approved by the antimonopoly authorities, but to complete the transaction, it is necessary to sell the production of devices for closing the pounces of Angio-Seal and Femoseal vessels (St. Jude Medical), as well as Vado Steerable Sheath devices (Abbott). The cost of this business is estimated at $1.12 billion.
The Japanese company Terumo has agreed to acquire these assets, thanks to which it will be able to become the world's largest manufacturer of hemostatic devices for the femoral arteries and expand the range of vascular access devices.
At the same time, Abbott intends to maintain the business of producing equipment for closing the puncture site of the vessel. The deal with Terumo will not have a significant impact on the company's revenues, according to Abbott.
St. Jude Medical spokesman Candace Steele Flippin clarifies that the sale of some cardiovascular products to Abbott and St. Jude Medical was a regulatory requirement.
The divestment arrangement suggests Abbott and St. Jude Medical want to close the deal before the end of 2016 at an "attractive price," according to analysts at Canaccord Authenticity[4]
Independent experts have confirmed vulnerabilities in St. Jude devices
On October 24, 2016, it became known that independent experts confirmed the existence of vulnerabilities in St. Jude Medical medical equipment, due to which devices could potentially be hacked by hackers. Read more here.
Creating an Advisory Council to Combat Hackers
On October 17, 2016, St. Jude Medical announced plans to create a special advisory medical board focused on issues. information security The health care agency writes about this with reference to the statement of the manufacturer of equipment for this. Reuters
We are talking about a group called Cyber Security Medical Advisory Board, which, in collaboration with IT experts St. Jude and third-party researchers, will advise on cybersecurity standards for medical devices and contribute to "preserving and improving cyber defense and patient safety," explained St. Jude Chief Medical Officer Mark Carlson. The composition of this group by October 18, 2016 was not finally approved.
| | We are taking the cybersecurity of our devices very seriously, and the creation of the Cyber Security Medical Advisory Board is further proof of our constant desire to promote patient care standards around the world without compromising on technical and information security, Carlson said. | |
St. Jude announced the formation of a council of consultants to combat hackers a couple of months after vulnerabilities were discovered in the company's medical equipment that allow attackers to remotely access device control and thereby endanger the lives of patients.
The U.S. Food and Drug Administration (FDA) said it supports efforts by medical device manufacturers to address cybersecurity concerns.
| | Cooperation by all stakeholders, such as cybersecurity researchers, medical institutions, patients and government agencies, increases the chances of timely detection, assessment and elimination of cyber threats before they harm patients, said Suzanne Schwartz, deputy director of the Center for Medical Devices and Radiology at the FDA[5] | |
Fatal problems with pacemakers
On October 11, 2016, St. Jude Medical warned of a malfunction in its pacemakers that could be fatal to patients. This gap could be exploited by hackers.
The defect, reported in St. Jude Medical, was found in implantable defibrillator cardioverters normalizing heart rhythm through electrical impulses. There is a risk of rapid and unexpected discharge of lithium batteries in these devices, which can cause cardiac arrest.
At least two patients died due to the premature termination of the autonomous operation of defibrillators, and another 47 people spoke about dizziness and fainting, the investment company Muddy Waters said, citing a newsletter for doctors who were informed about the problem with St. Jude Medical equipment.
The problem is isolated (concerns less than 1% of devices, according to St. Jude Medical), but a huge number of people fall into the risk group. As of October 2016, potentially defective St. Jude Medical defibrillators are used by approximately 350 thousand people around the world. Equipment manufactured before May 2015 was recognized as defective.
| | We recommend that patients who use remote monitoring provide their doctors with the ability to monitor the operation of devices for a long period of time, says Mark Carlson, chief medical officer at St. Jude Medical. - Doctors and patients may take certain measures to reduce the risk, which although small, may affect health. | |
The US Food and Drug Administration (U. S. Food and Drug Administration) announced the need to recall faulty devices and replace them with fully functional and safe ones.
In the summer of 2016, the investment company Muddy Waters Capital and the information security startup MedSec released a report in which they talked about numerous vulnerabilities in the cardiac equipment of St. Jude Medical. These "holes" can theoretically be used to hack devices, including for rapid discharge of batteries in implantable cardioverter defibrillators.
Opening vulnerabilities in the company's pacemakers and defibrillators
In August 2016, it became known that a group of hackers found a way to hack pacemakers and defibrillators, which are produced by a large American manufacturer of medical equipment St. Jude Medical. Instead of informing the company about vulnerabilities in its products, hackers turned to Carson Block, head of investment firm Muddy Waters Capital, with an unprecedented commercial offer that will help them earn money together. Read more here.
Company sold to Abbott for $30 billion
At the end of April 2016, the American pharmaceutical company Abbott Laboratories announced the purchase of St. Jude Medical for $25 billion. Abbott is also willing to take over and refinance St. Jude Medical's net debt of about $5.7 billion. The total amount of the transaction thus exceeds $30 billion.
As a result of this merger, one of the world's largest manufacturers of equipment for the diagnosis and treatment of diseases of the cardiovascular system will appear.
Under the terms of the agreement, Abbott will pay St. Jude shareholders for each share they own at $46.75 in cash and 0.8708 Abbott shares, a total of $85, which is 37% more than the exchange value of the securities as of April 27, 2016.
The sale of St. Jude to Abbott is scheduled to close in the fourth quarter of 2016. Previously, it must be approved by shareholders and regulators.
By early May 2016, Abbott and St. Jude ranked first and second in sales of cardiovascular drugs, respectively. The volume of this market is estimated at $30 billion per year, the total revenue of these two companies is $8.7 billion.
The company that emerged from the merger of Abbott and St. Jude is supposed to be one of the leaders of the medical devices market, which will have St. Jude's strong positions in the field of heart failure devices, heart catheters and defibrillators, as well as the advantages of Abbott in coronary angioplasty and heart valve repair.[6]
Notes
- ↑ Abbott Laboratories : Lawsuit seeks damages for faulty batteries in St. Jude defibrillators
- ↑ 465,000 Patients Need Software Updates for Their Hackable Pacemakers, FDA Says
- ↑ FDA warns Abbott on heart device battery woes, cybersecurity risks
- ↑ Terumo to buy catheter-related business of two U.S. firms
- ↑ St. Jude forms cyber panel after claims of heart-device bugs
- ↑ ABBOTT TO ACQUIRE ST. JUDE MEDICAL
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |