Cybersecurity and battery problems with heart devices continue to trouble Abbott’s St. Jude Medical Inc., whose devices were still being implanted in patients despite a recall over faulty batteries last fall. This is according to a recent warning letter from the U.S. Food and Drug Administration (FDA). Also, cybersecurity issues with smart heart devices still haven’t been handled to agency’s satisfaction, which warned about the problem early in the year. The FDA also scolded a medical food company for not getting the necessary clearance to study a new product, and found a stomach-churning array of pest problems at a Los Angeles bakery. The following is a roundup of the agency’s enforcement actions last month from Law360.
Recalled St. Jude Defibrillators Implanted in Patients
St. Jude Medical – which was acquired by Abbott Laboratories on Jan. 4 – continued to ship out heart defibrillators with batteries prone to failing early, despite a recall in October, and seven cardiac defibrillators were implanted in patients soon after the recall, according to a warning letter sent April 12. The company also didn’t tell its own management and medical advisory review boards about the full scope of the battery issue, including the death of a patient whose defibrillator battery failed prematurely several years ago, the FDA said. St. Jude in the October recall had warned that batteries in some of its implantable heart devices can short-circuit and run out of juice earlier than anticipated, which it said at the time had been linked to two deaths, one in the U.S. The problem stems from lithium deposits that can form within the devices’ batteries, potentially causing short-circuits that can lead to battery failure with little notice, in some cases within 24 hours of the patient receiving the telltale vibrartory alert, according to the FDA. Normally, the devices give three months’ warning, the agency said at the time.
In its warning letter, the FDA said that it had reviewed a number of the company’s product analysis reports between 2011 and 2014, which showed that the battery supplier Greatbatch – now Integer Holdings Corp. – had shown evidence that lithium clusters caused the battery to drain too fast. But despite that evidence, St. Jude repeatedly concluded that the cause of the batteries’ failure couldn’t be determined and classed those failures as “unconfirmed,” the FDA said.
The company didn’t include these unconfirmed cases in its risk evaluation and didn’t consider that those cases could have been shorts, leading it to drastically underestimate the hazard, the FDA said. St. Jude’s management and medical advisory board had been presented with information about the premature battery failure in 2014, but the presentations likewise didn’t include the unconfirmed cases, the FDA said. “Additionally, both presentations stated there were no serious injuries or deaths directly related to lithium cluster formations,” the FDA said, noting there had been at least one death by that time.
In addition to the battery problems, the FDA again took the medical-device maker to task for cybersecurity issues with its implantable heart devices. This is the second time in 2017 that the agency has faulted St. Jude for cybersecurity problems with the devices; in January, the FDA warned that its smart pacemakers and defibrillators may be vulnerable to hacking, after St. Jude had forcefully denied such reports late last summer. Implantable cardiac devices that use St. Jude’s Merlin@home transceiver to communicate radio frequency signals that export device data “can be vulnerable to cybersecurity intrusions and exploits,” the FDA said in a Jan. 10 safety alert. That could enable a hacker to access the device by changing the programming demands, which could cause the battery to drain rapidly, change pace, or give out shocks, the FDA said, noting that there hadn’t been reports of such tampering so far. In the warning letter, the FDA chided St. Jude for how it handled its corrective and preventive action procedures for the cybersecurity issue. The agency said:
Your firm conducted a risk assessment and a corrective action outside of your CAPA system. Your firm did not confirm all required corrective and preventive actions were completed, including a full root cause investigation and the identification of actions to correct and prevent recurrence of potential cybersecurity vulnerabilities, as required by your CAPA procedures.
Medical Food Company Didn’t Clear Study
The FDA aimed another warning letter at Targeted Medical Pharma Inc., a maker of amino acid-based medical foods. A medical food is defined as food eaten under a doctor’s supervision that is meant to manage the nutritional aspects of a disease or condition. The company had sponsored clinical investigations of a redacted drug, but without submitting a required investigational new drug, or IND, application to the agency, the FDA wrote. Targeted Medical had responded to the FDA after it visited in June and July by saying that the medical food is used to treat nutritional deficiencies from pain and inflammation and that it had never been the company’s intention to apply for a new drug application or market the food as a drug, according to the letter. However, there are no distinctive nutritional requirements for people with the unnamed condition in question, the FDA said, making this product not a medical food.
Instead, the product meets the definition of a drug under the Food, Drug and Cosmetics Act, the FDA said, and thus requires an IND before a clinical investigation can begin. The agency also noted that the studies were meant to compare the product to a nonsteroidal anti-inflammatory drug. The FDA’s letter mentioned that a Targeted Medical employee had contacted the agency before the studies and was advised to apply for an IND. The agency said:
There are no FDA records to indicate that Targeted Medical Pharma Inc. submitted an IND application before conducting the investigations.
Just under 300 patients were enrolled in the studies and were given the drug product twice a day for 28 days, the FDA said.
Rat Feces, Cockroaches and Flying Birds Found at Croissant Maker
FDA inspectors found rat feces and live cockroaches during a November inspection of a wholesale bakery in Los Angeles, according to another FDA warning letter. Three birds also flew through the warehouse of C & B Croissants Corp., which had happened before during another visit in 2010, the FDA said. Perhaps relatedly, the inspectors spotted what seemed to be bird droppings on boxes of margarine stored in a walk-in cooler. In the warning letter, the agency recited a litany of other food hygiene and cleaning issues, such as the company’s practice of storing uncovered dough and margarine. A dark residue on an aluminum tray also seemed to rub off on the croissant dough.
Contact us today for a free legal consultation with an experienced attorney.
Fields marked *may be required for submission.
If you would like to subscribe to the Jere Beasley Report digital edition, simply visit our Subscriptions page and provide the necessary information or call us at 800-898-2034.
Attorney Advertising - Prior results do not guarantee a similar outcome.