FDA Warns Abbott on IoT Vulnerability & More

The FDA delivered a strongly worded warning to Abbott Labs about continuing vulnerabilities and defects in implantable devices.

Cleaning up a mess is never fun. Cleaning up an inherited mess is worse, and thats the position in which Abbott Labs finds itself after a harsh letter of warning from the US FDA.
At issue are the pacemakers and internal defibrillators sold by St. Jude Medical before the company was acquired by Abbott Labs in January 2017. According to the
FDAs Warning Letter
, St. Jude Medical (now Abbott Labs) has failed to correct previously noted problems in the battery and cybersecurity vulnerabilities in both pacemakers and internal defibrillators. The letter, dated April 12, noted that the company has failed to either correct the problems or implement procedures to insure that they do not recur. In addition, the letter cites Abbott labs for selling a small number of units already under a recall order.
In January,
the FDA confirmed
that the St. Jude Medical devices contained software with vulnerabilities that could allow an unauthorized third party to gain control of the pacemaker or defibrillator and quickly run down the battery or deliver a series of shocks at the wrong time. At the time, St. Jude said that it had developed a software patch that could be automatically applied to devices through the Merlin@home transmitter each patient uses with the devices. Abbott Labs also said that it was working with both the FDA and DHS to improve device security.
The original vulnerability report, published by investment firm
Muddy Waters Research
and based on ethical hacking from
MedSec
, was controversial because Muddy Waters released the information, which described vulnerability to man-in-the-middle attacks in the implantable devices, in a statement regarding stock sales and purchases rather than in a private message to either St. Jude Medical or the FDA.
The latest FDA warning letter indicates that Abbott Labs has not dealt with the problem to the satisfaction of the FDA. On a larger scale, this is the sort of IoT security issue that many experts have warned about: critical components containing serious vulnerabilities deployed in difficult-to-update scenarios. Companies that sell IoT systems, as well as those that are their customers, are likely to be watching the interaction of Abbott Labs and the FDA to see how future IoT vulnerabilities will be dealt with by regulators and industry.
— Curtis Franklin, Security Editor,
Light Reading

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
FDA Warns Abbott on IoT Vulnerability & More