The Federal Drug Administration (FDA) Thursday warned Abbott Laboratories of cybersecurity and other issues relating to heart devices made by St. Jude Medical, which Abbott acquired earlier this year.
In addition to a serious battery depletion problem, the FDA said Abbott hadn't fully verified that the remote monitoring device only opened “network ports to authorized interfaces ”nor had it accurately incorporated “the findings of a third-party assessment you commissioned, dated April 2, 2014, into your firm's updated cybersecurity risk assessments for your high voltage and peripheral devices.”
"The FDA warning to Abbott is an echo of challenges we've seen in other technology verticals that are built with batteries and software. Every mobile device in the field today is available and affordable because of advances in those two areas,” Rod Schultz, vice president of product, at Rubicon Labs, said in comments emailed to SC Media. “The healthcare industry must build on technology advancement to innovate, but patient safety and FDA requirements have got to be addressed as top-most priorities. The FDA works closely with federal agencies, DHS, and medical device manufacturers to increase reliability and security, but it seems that more guidance is needed, and perhaps the incentive structure needs to be changed.”
Schultz noted that for Abbott “advice from a few key technology companies (Samsung, Apple, and Google) could have helped tremendously. Each of those companies has processes and advice that the FDA could solicit to prevent battery, cybersecurity, and other mobile device pitfalls - all of which are only going to become more frequent with smart medical devices.”
Saying that “we are at the beginning of an incredible transformation in how medical care is given and received, and the FDA can probably do more than send out strongly worded letters,” Schultz noted, “they have the power to proactively connect the world's technology pioneers with its health care pioneers so that the patient can benefit."