St. Jude Medical, which is now part of Abbott Laboratories, failed to appropriately correct issues found in some of its cardiovascular devices, according to the U.S. Food and Drug Administration.
In a warning letter released Wednesday, the FDA determined that the St. Paul, Minn.-based device maker concealed and denied concerns that the batteries in its defibrillators could fail prematurely. The FDA said St. Jude played down the extent of the issue to its medical advisory boards by hiding information, including a patient death in 2014 as a result of a failed battery in a cardiac device.
The FDA also said that St. Jude didn't implement appropriate corrective actions to ensure patients didn't receive defibrillators with unsafe vulnerabilities. Shortly after St. Jude initiated a recall on its defibrillators in October 2016, 10 defibrillators were shipped to distributors and seven were implanted into patients, the agency said.
Two separate studies published in 2014 and 2016 found similar issues with St. Jude's defibrillator batteries. Still, St. Jude continued to sell the older models that were recalled.
Abbott said in a statement that they "take these matters seriously." The company said it will closely review the FDA's warning letter and is "committed to fully addressing the FDA's concerns."
Abbott acquired St. Jude in January for $25 billion.
The FDA said St. Jude failed to implement appropriate cybersecurity protections on devices after another agency probe in January found they could be hacked by an unauthorized user which could lead to rapid battery depletion and inappropriate pacing or shocks to a patient's cardiac device.
That FDA investigation was conducted after short-selling investment firm Muddy Waters and cybersecurity company MedSec Holdings issued a report in August 2016 that St. Jude's Merlin@Home Transmitter lacked "even the most basic forms of security."