by
Thomas Dworetzky, Contributing Reporter | April 14, 2017
The batteries could short and the device fail without setting off the dead battery alarm, noted the paper.
This characterization led the company to a “Corrective Action and Preventive Action (CAPA) Procedure” that treated the events in a much different way than had they been confirmed. “Basing your firm’s risk evaluation on “confirmed” cases and not considering the potential for “unconfirmed” cases to have been shorts, your firm underestimated the occurrence of the hazardous situation,” noted the FDA letter.
Ad Statistics
Times Displayed: 173742
Times Visited: 3176 For those who need to move fast and expand clinical capabilities -- and would love new equipment -- the uCT 550 Advance offers a new fully configured 80-slice CT in up to 2 weeks with routine maintenance and parts and Software Upgrades for Life™ included.
This situation continued even after a patient death in 2014. “Your firm completed its returned device analysis, related to this death, on August 27, 2014. The analysis concluded the cause of premature battery depletion 'could not be determined' despite evidence of lithium bridges, provided by your supplier,” stated the FDA.
The FDA thus noted that the “unconfirmed” classification “resulted in significant underestimations of the probability of occurrence of the hazardous situation."
Beyond that, “seven patients were implanted with defibrillators after St. Jude recalled more than 400,000 of the devices,” noted the Star Tribune.
The FDA also weighed in on the Merlin@home cybersecurity issue in the letter.
Cybersecurity concerns
were first raised by investment firm Muddy Waters Capital, which went public and then shorted the stock. St. Jude sued the investment company for defamation.
"We felt this lawsuit was the best course of action to make sure those looking to profit by trying to frighten patients and caregivers, and by circumventing appropriate and established channels for raising cybersecurity concerns, do not use this avenue to do so again,” said Michael T. Rousseau, president and chief executive officer at St. Jude Medical. "We believe this lawsuit is critical to the entire medical device ecosystem — from our patients who have our life saving devices, to the physicians and caregivers who care for them, to the responsible security researchers who help improve security, to the long-term St. Jude Medical investors who incurred losses due to false accusations as part of a wrongful profit-making scheme."
It noted that after third-party reports of security flaws in the system, “your firm failed to accurately incorporate the findings of a third-party assessment you commissioned, dated April 2, 2014, into your firm’s updated cybersecurity risk assessments for your high voltage and peripheral devices. This included dealing with the 'hard-coded universal unlock code as an exploitable hazard for your firm’s High Voltage devices',” which the report had identified.
