Important Medical Device Advisory

Similar documents
Important Medical Device Advisory NM Implantable Pulse Generator Inaccurate Elective Replacement Indicator

Important Medical Device Advisory NM Implantable Pulse Generator Inaccurate Elective Replacement Indicator

URGENT - Medical Device Correction IntelliVue MX40 Missing Warnings in IFU

IMPLANTABLE CARDIAC DEVICE GUIDE SUPPLEMENT

Information Security Guide

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

CARELINK NETWORK UPDATES SUMMARY OF ENHANCEMENTS May 2017

Freelink Remote Control

Security Evaluation of the Implantable Cardiac Device Ecosystem Architecture and Implementation Interdependencies

Urgent Medical Device Correction LIFEPAK 1000 Defibrillator

URGENT FIELD SAFETY NOTICE Reserve battery and new instructions for users of the PAD 300/PAD 300P (Public Access Defibrillator)

Vercise DBS Remote Control 3 Handbook

TIP CARD MODEL TEMPORARY EXTERNAL PACEMAKER. Model Single Chamber Temporary Pacemaker

Configuring LATITUDE NXT Wave Communicators. Bottom View

The Check-in Call How-to Guide

CS Computer Security in the Physical World:

COLLECTION & HOW THE INFORMATION WILL BE USED

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS

IPM Secure Hardening Guidelines

When a Clinical Trial Lasts Forever: A Reporting Solution for Post-Market Surveillance of Cardiac Rhythm Devices

Patient Manual. Confirm Rx Insertable Cardiac Monitor System

Data Backup and Contingency Planning Procedure

CONFIRM Rx TM INSERTABLE CARDIAC MONITOR WORLD S FIRST AND ONLY SMARTPHONE-COMPATIBLE ICM CONVENIENT. CONNECTED. CONTINUOUS.

Therapy Provider Portal. User Guide

The LifeVest Network Patient Data Management System Quick Start Guide. Information for Healthcare Professionals

Cybersecurity for Health Care Providers

Network and Connectivity

Network and Connectivity

URGENT FIELD SAFETY NOTICE

SURVIVING THE CYBERPOCALYPSE. Craig Felty Vice President, Patient Care Services Hancock Regional Hospital

User s Guide. Health Management System. Version 4.2.1

Cyber Security Incident Report

Medical Assistance Provider Incentive Repository. User Guide. For Eligible Professionals

Medical Device Vulnerability Management

Qumu Support and Maintenance Service Agreement

The Lilly Safety Mailing Process

What is New in MyChart? My Medical Record Health Preferences Settings Appointments and Visits Visits Schedule an Appointment Update Information

Vercise DBS Programming Manual

Data Management Unit, V3.1 University of Pennsylvania Treatment Research Center, 2010 Page 2

TransTalk 9000 Digital Wireless System MDW 9040 Wireless Pocket Phone Quick Reference

This document contains important information for the continued safe and proper use of your equipment

FHD Driving Recorder E272S/S272W. Quick Start Guide

Internet of Medical Things (IoMT)

System Software Updates

Information Governance Incident Reporting Policy

Merlin Patient Care System. Merlin PCS, Model 3650 Merlin Antenna, Model 3638 Merlin PSA, Model EX3100. User's Manual

MEDICAL DEVICE CYBERSECURITY: FDA APPROACH

mycisi Participant Portal: Online Tools and Support for CISI Insureds

12. Mobile Devices and the Internet of Things. Blase Ur, May 3 rd, 2017 CMSC / 33210

Subject: Audit Report 18-84, IT Disaster Recovery, California State University, Sacramento

Eco Web Hosting Security and Data Processing Agreement

A Patient s Guide to the Portal

e-mds Patient Portal Version User Guide e-mds 9900 Spectrum Drive. Austin, TX Phone Fax e-mds.

Pioneer Communications Internet Services Disclosure

e-mds Patient Portal TM

Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board. Issued: September 2013 Document reference: 495A2013

1 / Spectrum Brands, Inc.

Complete the Confirmation Sheet, and return it to Physio-Control using the information on the form.

Documenting Complaint Information WI-0007, Rev AB

USCCB/MRS Migration & Refugee Information System Resource Guide

MAPIR User Guide for Eligible Hospitals. Medical Assistance Provider Incentive Repository (MAPIR): User Guide for Eligible Hospitals

Embedded Systems. Cristian Rotariu

This document contains important information for the continued safe and proper use of your equipment

Physician Online Data System

Your step-by-step user guide

EXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

mycisi Participant Portal: Online Tools and Support for CISI Insureds

2019 NCA Examination Schedule

Precision Spectra Remote Control Handbook, , Rev C

Benefit Tracker. User Manual

Information Security Incident Response Plan

Patient Portal Users Guide

Mainpine IQ Express Product Advisory

University of Wyoming Mobile Communication Device Policy Effective January 1, 2013

ONCOLOGY PATIENT INFORMATION SYSTEM (OPIS) PHYSICIAN TIP SHEET

vrealize Operations Manager User Guide

National Information Assurance (IA) Policy on Wireless Capabilities

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

Continuous protection to reduce risk and maintain production availability

User Manual. Smart Lock. Please read this manual before operating your Smart Lock, and keep it for further reference. 40

Standard TOP Transmission Operations

APPLICATION FOR AN APPRENTICE JOCKEY LICENCE UNDER RULE (D)8 OF THE RULES OF RACING

Clinician Programmer Print Tool For use with Prometra Programmable Infusion Systems Software Version

Investigator Activities Quick Reference Guide. Sanofi/Genzyme October 2013

eschoolplus 3.1 New Features

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Healthcare mobility: selecting the right device for better patient care

A guide to the Sema4 provider portal

Cyber Risk and Networked Medical Devices

2017_Privacy and Information Security_English_Content

UDI TAC Meeting January 15, 2014

Patient Portal User s Guide

Testimony of Gerard Keegan CTIA. Before the South Carolina Joint Bond Review Special Subcommittee July 26, 2018

MDLINK MANUAL PART NUMBER A Cardiac Science Corporation

vrealize Operations Manager User Guide

Advisory: Students should have already taken MICROCOMPUTER APPLICATIONS II - 431

FINAL DECISION OF THE COMMUNICATIONS AUTHORITY DISRUPTION OF THE TELECOMMUNICATIONS SERVICES OF WHARF T&T LIMITED ON 12 AUGUST 2014

Information Security Incident Response Plan

CDS ISA100 Wireless. Redundancy techniques to increase reliability in ISA100 Wireless networks. Mircea Vlasin

Transcription:

Important Medical Device Advisory Battery Performance Alert and Cybersecurity Firmware Updates for Certain ICD & CRT-D Devices April 16, 2018 Dear Doctor, As part of a planned series of system updates that began in 2017 with the release of Merlin@home v8.2.2 software, we are writing to make you aware of new firmware intended to further strengthen the security and improve the performance of our high voltage implantable cardiac devices (ICDs and CRT- Ds). The firmware upgrade is recommended for all eligible patients and includes the following updates: 1. a battery performance alert update to provide further detection capability for premature battery depletion in certain high voltage devices (i.e., Battery Advisory Devices), and 2. a cybersecurity update to provide an additional layer of protection against unauthorized device access. This firmware upgrade will be made available over the next several weeks as part of a phased deployment plan. The information provided below is intended to assist clinicians and patients in understanding this firmware upgrade and the associated benefits and risks. Firmware Update for Device-Based Detection of Abnormal Battery Performance in Battery Advisory Devices This firmware upgrade incorporates the Battery Performance Alert (BPA) for device-based detection of abnormal battery performance due to lithium cluster induced shorts in our Fortify, Fortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura, and Unify Quadra devices manufactured between January 2010 and May 2015 which are subject to the October 11, 2016 Medical Device Advisory ( Battery Advisory Devices ). As communicated in August 2017, the BPA algorithm is a management tool and is intended to provide earlier notification of abnormal battery performance for Battery Advisory Devices prior to premature battery depletion. Until now, detection of this alert has only been available through the Merlin.net remote monitoring system and the Merlin programmer during routine follow-up evaluations. This firmware update now allows for device-based detection of abnormal battery performance and if BPA is triggered, a vibratory notification is delivered to the patient, thereby ensuring continuous monitoring in situations where adherence to transmission schedules is challenging (e.g., travel). Additionally, an alert will continue to be provided to physicians through the Merlin.net remote monitoring system and the Merlin programmer during follow-up evaluations. Page 1 of 6

Additional information, including the above referenced physician communications and detailed information on the BPA algorithm, testing methods and performance can be found on our website www.sjm.com/notices. Firmware Update for Cybersecurity The cybersecurity firmware update provides additional security to reduce the risk of unauthorized access to the following high voltage device families that utilize wireless radio frequency (RF) communication: Fortify, Fortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura, Unify Quadra, Promote Quadra and Ellipse. Older generation devices (i.e., Current and Promote ) are not capable of accepting the firmware update due to technology limitations. If you have any concerns relating to device cybersecurity for patients implanted with Current /Promote devices, you do have the option to permanently disable the RF communication capability in the device. However, if you choose that option, the patient can no longer be monitored remotely using an RF Merlin@home transmitter. For most patients, permanently disabling RF is not advisable. As with our 2017 cybersecurity updates for pacemakers, we have received no reports of device compromise related to cybersecurity vulnerabilities in the implanted devices associated with this communication. According to the U.S. Department of Homeland Security, compromising the security of these devices would require a highly complex attack. If there were a successful attack, an unauthorized individual (i.e., a nearby attacker) could gain access and issue commands to the implanted medical device through radio frequency (RF) transmission capability, and those unauthorized commands could modify device settings (e.g., stop pacing) or impact device functionality. [1] Battery Performance and Cybersecurity Firmware Upgrade Process and Associated Risks The firmware upgrade process takes approximately 3 minutes to complete, and during this time, the device will operate in back up mode (VVI pacing at 67 ppm) with high voltage therapy disabled. At the completion of the upgrade, the device will return to its pre upgrade settings. Refer to Appendix for detailed back-up mode settings including pacing outputs and for further description of the firmware upgrade process. As with any software update, there is the potential for a very low rate of malfunction resulting from the update. These risks do not change or increase depending on which update(s) the device is receiving (i.e., cybersecurity and/or BPA). During our recent low voltage firmware upgrade experience, there were no serious adverse events reported. Approximately 0.62% of devices experienced an incomplete upgrade and remained in the back-up pacing mode. However, in each case, the devices were restored to the prior firmware version or received the upgrade successfully after Technical Services was contacted and intervened. Additionally, a small percentage (0.14%) of patients complained of diaphragmatic or pocket stimulation or general discomfort for the time that the device was in the back-up pacing mode. There have been no (zero) cases reported to Abbott where the device remained in back-up mode following an attempted firmware upgrade. Potential risks with the firmware upgrade include, but are not limited to: discomfort due to back-up VVI pacing settings, reloading of previous firmware version due to incomplete upgrade, inability to treat VT/VF while in back-up mode given high voltage therapy is disabled, 1 Refer to the ICS-CERT Communication ICSMA-18-107-01 Page 2 of 6

device remaining in back-up mode due to unsuccessful upgrade, and loss of currently programmed device settings or diagnostic data Patient Management Recommendations (Battery Advisory and Cybersecurity) Prophylactic replacement of affected devices is not recommended. Recommendations for Devices Eligible for Firmware Upgrade While not intended to serve as a substitute for your professional judgment, we, along with our Medical Advisory Boards, recommend the firmware upgrade for all eligible patients at the next regularly scheduled visit or when appropriate depending on the preferences of the patient and physician. Please consider the following: Discuss the risks and benefits of the firmware update with your patients. As part of this discussion, it is important to consider patient specific issues such as pacemaker dependence, frequency of high voltage therapy, age of device, and patient preference. If deemed appropriate, install this firmware update following the instructions on the programmer (and listed in the Appendix). The update should be performed with appropriate monitoring and external defibrillation equipment available. The following additional recommendations only apply for patients implanted with Battery Advisory Devices: Patients receiving the firmware update should be advised that the device-based BPA will trigger a vibratory alert. In the absence of a BPA being triggered in a patient's device, through Merlin.net or the Merlin programmer, we continue to recommend adhering to the original patient management recommendations from the 2016 Premature Battery Depletion advisory (refer to Appendix). However, if the BPA is triggered, immediate device explant and replacement is recommended. Recommendations for Current & Promote Devices not Eligible for Cybersecurity Firmware Update If you have any concerns relating to device cybersecurity for those patients implanted with Current /Promote devices, you do have the option to permanently disable the RF communication capability in the device. However, if you choose that option, the patient can no longer be monitored remotely using an RF Merlin@home transmitter. For most patients, permanently disabling RF is not advisable given the proven benefits and improved survival associated with home monitoring. [2,3] Therefore we, along with our Medical Advisory Boards, recommend the following: Discuss the risks of cybersecurity vulnerabilities and proven benefits of remote monitoring with your patients at the next regularly scheduled visit. 2 Mittal, S., Piccini, J., Fischer, A., Snell, J., Dalal, N., & Varma, N. (2014, May). Remote monitoring of ICD patients is associated with reduced mortality irrespective of device type. Presented at the meeting of the Heart Rhythm Society, San Francisco, CA. This was a retrospective data review and had limitations. 3 Mittal, S., Piccini, J., Fischer, A., Snell, J., Dalal, N., & Varma, N. (2014, May). Increased adherence to remote monitoring is associated with reduced mortality in both pacemaker and defibrillator patients. Presented at the meeting of the Heart Rhythm Society, San Francisco, CA. This was a retrospective data review and has limitations. Page 3 of 6

If deemed appropriate, RF communication may be permanently disabled during an in-clinic device interrogation with Merlin programmer software version 24.2.x or later by selecting the RF icon in the upper left corner of the FastPath summary screen. As mentioned above, these updates will be made available as part of a phased deployment plan. Over the next few weeks, Abbott will monitor the initial firmware update experience, and will provide an update on the results of this initial experience on www.sjm.com/notices prior to full deployment. If you have any questions about this device firmware update, you can contact your Abbott representative or our dedicated customer technical support hotline at 1 800 436 5056 (U.S.). Additional materials, including a Patient Communication, can be found on www.sjm.com/notices. Technology and security are always evolving, and Abbott is committed to ensuring our products include the latest advancements and protections for your patients. Your feedback is important to us, so please contact your Abbott representative with any questions or comments related to this update. Sincerely, Robert Blunt Divisional Vice President, Quality Cardiac Rhythm Management Page 4 of 6

Model Family Fortify, Fortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura, Unify Quadra Ellipse, Promote Quadra APPENDIX Table 1 - Model Family Eligibility High Voltage Firmware Update Available with Merlin Programmer SW v24.2.x or later All Device-Based Detection of Abnormal Battery Performance Available through FW Download Battery Advisory Devices Only Ability to Disable RF through Merlin Programmer with SW v24.2.x or later N/A All N/A N/A Current, Promote N/A N/A All Table 2 - High Voltage Device Settings During Firmware Download Device Type Parameter Setting Parameter Setting ICD* CRT-D* Pacing Mode VVI Rate 67 ppm Pacing Configuration RV Bipolar Pacing Output 5.0 V @ 0.6 ms Pacing Mode Pacing Configuration VVI, BiV Simultaneous RV Bipolar; LV Tip RV Ring Rate Pacing Output * Tachy Therapy & Detection is OFF for duration of firmware download process. Firmware Update Process 67 ppm 5.0 V @ 0.6 ms During the firmware update process the device will be temporarily placed in a back up mode with high voltage therapy disabled. Clinicians are advised to record the programmed device settings before the update in case they are not properly restored after the update. The process for the update is as follows: Abbott Representatives will update the Merlin programmer with new software: The new programmer software will allow for device firmware to be updated. The programmer provides an alert that an update is available when the device is interrogated: After the programmer software has been updated and the device has been interrogated, the programmer will display an alert that an update is available on the FastPath summary screen. Before viewing the alert, device programmed parameters may be printed out as a record of the pre update settings. A follow up on screen prompt is displayed on programmer: Once the alert is selected, the physician will follow the on screen instructions to continue. The physician confirms and initiates the firmware update: A 1-3 second pause in pacing is expected at the initiation of the update process. The programmer will download new firmware to the patient s device. The firmware update cannot be delivered remotely. During the update High Voltage therapy will be disabled automatically. Page 5 of 6

The download to device should complete within approximately three minutes: The telemetry wand must remain over the device until completion of the firmware update. If telemetry is lost, reposition the wand over the device and re-attempt the firmware download. After the update, re-interrogate to verify that the device is functioning appropriately and not in backup mode: Check that the device parameters have been restored to the preupdate settings and confirm that high voltage therapy is enabled and diagnostic data are still present. If any of these do not occur, contact Abbott technical support. If you have decided not to perform the update and wish to clear the firmware upgrade alert for future interrogations: Select the alert from the FastPath summary screen on the Merlin programmer and follow the on-screen instructions to clear the device firmware upgrade alert. After clearing the alert, the firmware upgrade will only be accessible through the Patient Data screen. Battery Advisory Device Patient Management Recommendations Conduct patient follow-up per standard practice. Prophylactic device replacement is NOT recommended because complications following replacement have been reported to occur at a greater rate than the rate of harm associated with premature battery depletion due to lithium cluster induced shorts. In the event of a BPA or ERI indicator in these devices, immediate device change is recommended. Physicians should reaffirm the availability of home monitoring to avoid or minimize time without device therapy for bradycardia and tachycardia events. Enroll patients in Merlin.net utilizing the Direct Alerts feature to provide you with an immediate alert notification in the event BPA is triggered or ERI is reached. For patients currently enrolled in Merlin.net, remind them of the importance of using remote monitoring. Review the most recent Programmed Parameters printout. Ensure that under the Trigger Alerts When section, that the Device at ERI parameter is ON (it is normally ON) for both Show on FastPath and Notify Patient selections. If the Device at ERI alert is OFF, we recommend that the patient be seen promptly to program this parameter ON. Advise patients that the device-based BPA and ERI indications trigger a vibratory alert. (Updated recommendation) At the next scheduled office visit: Interrogate the patient s device to determine if a BPA or ERI alert has been triggered. Premature battery depletion can be identified by physicians through home monitoring showing BPA, ERI or more advanced battery depletion. Perform a patient notifier test to confirm that the patient feels and recognizes the vibratory alert. Patients who cannot feel the vibratory alert may experience a BPA, loss of battery and/or loss of device function without their awareness. Advise the patient to contact your office promptly should they feel a vibratory alert. In office evaluation should be performed to determine the reason for the alert as other non critical events can also trigger a vibratory alert. Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback