St. Jude Medical continues to endure fallout from safety controversies that recently ensnared some of its implantable cardiac defibrillators. Just yesterday, the U.S. Food & Drug Administration (FDA) took the company to task for the way it handled those problems.
The cybersecurity issues were raised last year by the investment group Muddy Waters Capital, which charged that St. Jude Medical’s Merlin@home monitoring system was vulnerable to hacking. The company strongly denied the charges and even filed a defamation suit against Muddy Waters. But the problems were later confirmed by the FDA and U.S. Department of Homeland Security.
St. Jude eventually released a software patch that was supposed to resolve the Merlin@home cybersecurity issues. However, in a Warning Letter issued to the Company on Wednesday, the FDA said that St. Jude was unable to prove that it had taken steps to ensure the patch would work prior to its release.
Last October, St. Jude recalled 400,000 Fortify, Unify and Assura defibrillators due to a battery problem that could cause a device to short-circuit without issuing the usual battery-indicator warning. The issues were tied to two patient deaths in the U.S. and Europe, prompting the FDA to place the recall in its most serious Class I category.
In Wednesday’s letter, FDA inspectors asserted that St. Jude had for years underestimated the true extent of the problem by basing its evaluations solely on “confirmed” cases of battery failure. As a result, the company continued to ship devices with defective batteries until October 2016. The letter also faults the company for failing to institute appropriate controls once the recall was initiated.
“Subsequently, ten implantable cardiac defibrillators (ICDs), subject to this recall, were shipped from your firm’s distribution centers to St. Jude US Field Representatives,” FDA inspectors wrote. “Between October 14 and October 26, 2016, an additional seven ICDs, also subject to this recall and in the control of St. Jude US Field Representatives, were implanted into patients.”
Abbott Laboratories, which acquired St. Jude Medical last year, has 15 days to provide the FDA with a specific plan to correct the issues noted in its Warning Letter.
“We take these matters seriously, continue to make progress on our corrective actions, will closely review FDA’s warning letter, and are committed to fully addressing FDA’s concerns,” an Abbot spokesperson said in a statement issued yesterday to the Minneapolis Star-Tribune.