If you have a new or older model of St. Jude defibrillator (implantable cardioverter defibrillators ICDs and cardiac resychronization therapy defibrillators CRT-Ds) and have received a notification to have a firmware update or to disable wireless communication, you may be entitled to compensation.
Also if you or a family member have received a St. Jude Medical defibrillator recall or firmware notification and have paid for or paid a co-pay for the certain St. Jude Medical defibrillators, you may be entitled to compensation.
It’s been reported that more than 700,000 St. Jude Medical Abbott Labs implantable heart defibrillators (not pacemakers) will need cyber-security updates, and that older versions may not be capable of being updated and will have some of their functionality disabled. The wireless communications systems embedded in these devices permit remote monitoring of patient health and device status, but could be hijacked in ways that could harm patient health, even though such an attack has not yet been documented.
The firmware update includes:
To check if your pacemaker is subject to premature battery depletion, visit the ICD and CRT-D battery advisory. You’ll need your device’s model number and serial number.
The Food and Drug Administration issued a safety communication about the update on April 17, 2018.
The FDA issued a Class I recall on St. Jude Medical Implantable Cardioverter Defribrillators (ICD) and and Cardiac Resynchronization Therapy Defibrillators (CRT-D) due to premature battery depletion.
Full List of Affected Devices:
St. Jude Medical implantable cardioverter defibrillators (ICDs) and cardiac resynchronization therapy defibrillators (CRT-Ds) are devices that provide pacing for slow heart rhythms, and electrical shock or pacing to stop dangerously fast heart rhythms.
ICDs and CRT-Ds are both implanted under the skin in the upper chest area with connecting insulated wires (“leads”) that go into the heart. A patient may need an ICD or CRT-D if their heartbeat is too slow (bradycardia), too fast (tachycardia), or needs coordination to treat heart failure.
Many medical devices—including Abbott’s ICD and CRT-D devices—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits. As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.
The FDA has reviewed information concerning potential cybersecurity vulnerabilities associated with Abbott’s RF-enabled ICDs and CRT-Ds, and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user (i.e. someone other than the patient’s physician) to access a patient’s device using commercially available equipment. This unauthorized user could then modify programming commands to the implanted defibrillator, which could result in patient harm from rapid battery depletion (unrelated to lithium clusters), or administration of inappropriate pacing or shocks.
The FDA also discusses those pacemakers which cannot accept firmware update because of “technology limitations:”
“For patients with Current or Promote devices that cannot accept the firmware update due to technology limitations, Abbott has implemented an option in the Merlin Programmer to permanently disable RF for patients concerned with the cybersecurity of their device. However, disabling RF will prevent data from a patient’s device from being transmitted to his or her doctor’s office using the RF [email protected] Transmitter. For patients enrolled in home monitoring, FDA recommends keeping RF enabled.”
For more information, please contact the Abbott Law Group attorneys.