Insulin Pumps Recalled After Hacking Vulnerability Revealed

After the U.S. Food and Drug Administration (FDA) warned this week that some of Medtronic's internet-connected insulin pumps are vulnerable to hacking and cannot be patched, the medical device manufacturer Medtronic Plc announced that it would offer an exchange to the roughly 4,000 patients reportedly using the vulnerable devices. Patients with vulnerable out-of-warranty models are being offered a newer replacement at a discounted price; in-warranty models will be replaced free of charge.

The Medtronic insulin pumps in question deliver insulin to the patient continuously and can work alongside a continuous glucose monitor (CGM). The pump also communicates wirelessly with a computer through a CareLink USB device, which lets patients send the pump commands remotely and share data with their health care providers. These devices are part of an industry-wide push to connect medical devices to the internet (the wider internet of things, or IoT) in pursuit of more efficient and cost-effective communication between patients and providers; that same connectivity is what exposes the pump to anyone within wireless range.

Neither the FDA nor Medtronic has disclosed technical details of the vulnerability, but its consequences are severe and potentially fatal. According to the FDA, “an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities. This person could change the pump’s settings to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.” In a letter to patients using one of the vulnerable pumps, Medtronic confirmed the potential danger, saying that “An unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery.”

Fortunately, no exploitation of the vulnerability has been reported, but this is not the first such issue to affect these devices. In 2011, a security researcher demonstrated that he could hijack nearby Medtronic insulin pumps and deliver potentially fatal doses of insulin to patients within 300 feet. After that vulnerability was disclosed, Medtronic released a statement saying it was working to improve the security of its devices.

This March, Medtronic’s connected pacemakers, clinic programmers and home monitors were also found to be vulnerable to hacking. Dutch security researchers discovered those flaws; the company reportedly denied them at first, until the FDA began an investigation. The agency later issued a warning about the pacemakers, and Medtronic released a software patch. Unlike the insulin pumps, which cannot be patched and must be replaced, the pacemaker flaw could be fixed in software. As with the insulin pumps, there were no reported cases of anyone taking advantage of the flaw before the fix was implemented.

Speaking to CBS News after the March incident, the FDA’s Dr. Suzanne Schwartz said, “Any device can be hacked and that’s often not understood,” adding that companies are not prepared for this reality and that “we still have a ways to go.” This week, the FDA released a set of recommendations regarding the latest insulin pump vulnerability, including a suggestion to patients: “Talk to your health care provider about a prescription to switch to a model with more cybersecurity protection.”

Such cases highlight the continuing potential risks of internet-connected medical devices. As discussed in the recent Risk Management article “Diagnosis: Risk—The Product Liability Challenges of Diagnostic Health Tech,” cyber vulnerability is only one of the many challenges for manufacturers and users of connected medical devices. These devices—especially ones that provide medical diagnostic data—have scores of built-in product liabilities that could land their manufacturers (as well as any number of other companies in the devices’ chain of distribution) in legal trouble if something goes awry.

Chipotle Provides Yet More Reminders of D&O and Food Safety Risks

If the average food safety crisis or product recall forces companies to weather a storm, Chipotle has spent the past year trying to weather a category 4 hurricane. Now months into their recovery effort, it seems they are still seeing significant storm surges.
Last week, a group of Chipotle shareholders filed a federal lawsuit accusing executives of “failing to establish quality-control and emergency-response measures to prevent and then stop food-borne illnesses that sickened customers across the country and proved costly to the company,” the Denver Post reported. The suit accuses executives, the board of directors, and managers of unjust enrichment and seeks compensation from Chipotle’s co-CEOs, while also asking for corporate-governance reforms and changes to internal procedures to comply with laws and protect shareholders.

Sales remain significantly impacted by the series of six foodborne illness outbreaks last year.

The company reported in July that same-store sales fell another 23.6% in Q2, the third straight quarter of declines and a worse result than analysts had predicted. The company’s stock remains drastically impacted, currently trading at about 4 compared to a high of 9 before the outbreaks came to light a year ago.

The latest shareholder lawsuit is not the only recent bad news for Chipotle’s directors and officers.

Shareholder lawsuits were filed earlier this year alleging the company had misled investors about its food safety measures, made “materially false and misleading statements,” and did not disclose that its “quality controls were not in compliance with applicable consumer and workplace safety regulations.” In June, a group of shareholders sued a number of top executives for allegedly violating their fiduciary responsibilities and engaging in insider trading.

The suit alleges that the executives, relying on insider knowledge of insufficient food safety protocols, sold hundreds of thousands of shares in the first half of 2015, before the food poisoning scandal became public.

Check out previous coverage of the Chipotle crisis in the Risk Management March cover story “Dia de la Crisis: The Chipotle Outbreaks Highlight Supply Chain Risks.”

Vendor Risks: Preventing Recalls with ERM

In 2016 alone, there have been dozens of recalls, by food companies, car manufacturers, and vitamin producers, among others. Not only do these recalls greatly impact a company’s bottom line, they can also affect the health and safety of consumers. With this in mind, what can organizations—both within the food industry and otherwise—do to improve their chances of uncovering suppliers operating in subpar conditions? How can they mitigate the risk of recalls?

Customers of CRF Frozen Foods, for example, a full-line processing plant that individually quick-freezes and packages fruits and vegetables for a variety of customers, recently had big problems when the company was linked to a widespread listeria outbreak. Contaminated products reached big-name retailers such as Trader Joe’s, Costco and Safeway, and some consumers fell ill as a result.

Although regulators had documented sanitation concerns and other facility issues at CRF as early as 2014, the plant was allowed to continue operating and its customers were not notified. Red flags raised by regulators aren’t always seen by the companies to which they are most relevant.

That these outbreaks occurred at all suggests that the customers’ vendor management practices either failed or were not robust enough to detect the issues. It comes down to effective enterprise risk management (ERM). ERM provides the tools and framework that allow any organization to standardize its processes and mitigate vendor risk.

An ERM approach is characterized by standard criteria, interdepartmental communication, and automatic alerts and notifications. It keeps everyone in the organization on the same page and ensures assessment results are always understandable and accessible. This eliminates redundancy in the risk management process. As a result, you can quickly and easily determine the last time your organization evaluated a supplier. Something as simple as a notification that regulators have published new requirements might save your organization from acquiring infected or defective products.

There are three general stages that apply to any successful risk management effort:

  1. Identify specific risks, followed by assessment and evaluation
  2. Implement tailored mitigation activities to address those risks
  3. Monitor those mitigations to ensure long-term effectiveness

The first step is the foundation for steps two and three. Without a proper understanding of the risks your organization faces, it is impossible to prioritize and mitigate them, and across multiple business departments or within a supply chain it is difficult to identify and account for every variable.

To keep up with vendors’ fluctuating conditions, teams need to systematically identify and assess risks, catching them as they crop up. Preventing assessments from becoming obsolete is the key to keeping a pulse on everything that may affect the business, therefore avoiding unwanted surprises.

Risk assessments also help determine the best way to allocate limited resources. Minimizing vendor-related risks needn’t be burdensome, however. It should be a streamlined process that, by enabling you to avoid harmful incidents, improves operational efficiency. Once your risk assessments reveal the areas of highest priority, you can determine exactly how to mitigate those concerns.

Public records can also support your third-party risk management efforts. In the United States, the Freedom of Information Act (FOIA) lets anyone request records held by federal agencies, which includes inspection findings and enforcement correspondence that regulators such as the FDA have produced about a supplier’s facility. FOIA does not compel a private supplier to disclose anything, however; your right to ask a vendor directly about plant processes, worker training, sanitation practices and maintenance comes from the audit and disclosure clauses in your contracts, so write those rights in and exercise them. Used together, regulator records and contractual audit rights are an important part of the risk management equation and will help you understand your risks before disruptions occur.

Performing vendor risk assessments—in the form of inspections, questionnaires and service level agreements—generates an enormous amount of data. This information is useful for mitigating risk, but only if it is up to date, consistent and distributed to the appropriate individuals. Regulator records obtained under FOIA and your contractual audit rights supply the raw material for robust supplier assessments; ERM provides the means to capitalize on it. Ad-hoc assessments of current and prospective vendors, without standardized processes, will only get your team so far.
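As an added illustration (not code from the original article) of how regulator findings and assessment dates can be combined into the kind of alert the ERM approach above calls for, the script below keeps a small supplier register, joins it against findings a regulator has recorded about each facility, and flags any supplier whose last assessment is older than the review interval, whose findings remain unresolved, or whose findings post-date the last time the organization looked at them. All supplier names, dates and findings are constructed for the example; the one-year interval is an assumption, not a rule from the article.

```python
"""Vendor re-assessment trigger (added example; data below is constructed)."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Supplier:
    name: str
    last_assessed: date  # date of our most recent vendor assessment


@dataclass(frozen=True)
class Finding:
    supplier: str
    observed: date       # date the regulator recorded the observation
    summary: str
    closed: bool         # True once corrective action has been documented


# Constructed sample register: hypothetical suppliers, not real companies.
SUPPLIERS = [
    Supplier("Frozen Veg Co", date(2015, 11, 2)),
    Supplier("Spice Imports Ltd", date(2016, 5, 20)),
    Supplier("Bakery Mix Inc", date(2014, 1, 15)),
]

# Constructed regulator findings, as they might be extracted from records
# obtained through a FOIA request (hypothetical content).
FINDINGS = [
    Finding("Frozen Veg Co", date(2016, 3, 9),
            "Listeria detected on food-contact surface", closed=False),
    Finding("Spice Imports Ltd", date(2016, 2, 1),
            "Pest control records incomplete", closed=True),
]

# Assumed policy: every supplier is re-assessed at least once a year.
ASSESSMENT_INTERVAL = timedelta(days=365)
# Fixed "as of" date so the example is reproducible offline.
AS_OF = date(2016, 8, 15)


def triage(suppliers, findings, today, interval=ASSESSMENT_INTERVAL):
    """Return {supplier_name: [reasons]} for suppliers needing re-assessment.

    A supplier is flagged when its assessment is older than `interval`,
    when it has an unresolved regulator finding, or when a regulator
    finding (even a closed one) is newer than our last assessment, which
    means nobody on our side has reviewed it yet.
    """
    by_supplier = {}
    for f in findings:
        by_supplier.setdefault(f.supplier, []).append(f)

    flagged = {}
    for s in suppliers:
        reasons = []
        age = today - s.last_assessed
        if age > interval:
            reasons.append(f"assessment stale ({age.days} days old)")
        for f in by_supplier.get(s.name, []):
            if not f.closed:
                reasons.append(f"unresolved regulator finding: {f.summary}")
            elif f.observed > s.last_assessed:
                reasons.append(f"finding newer than last assessment: {f.summary}")
        if reasons:
            flagged[s.name] = reasons
    return flagged


def run_example():
    """Run triage over the constructed register as of AS_OF."""
    return triage(SUPPLIERS, FINDINGS, AS_OF)


if __name__ == "__main__":
    for name, reasons in run_example().items():
        print(name)
        for r in reasons:
            print("  -", r)
```

In this constructed data, Frozen Veg Co is flagged for an unresolved finding, Bakery Mix Inc for a stale assessment, and Spice Imports Ltd is not flagged because its only finding is closed and was already on file when the supplier was last assessed. The same join works with a real register and real inspection records; what matters is that the trigger runs automatically rather than waiting for someone to remember to check.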

Steps to Effective ERM

Capitalizing on your vendor assessment rights is only part of the equation. Without an appropriate means of processing, distributing, and making data actionable, you’re back at square one. To make sense of important data, follow these steps:

  1. Create a taxonomy: define the relationships between risks, requirements, goals, resources and processes. If each area of the business uses its own system for identifying and classifying risk, the resulting information is subjective and unusable by other departments, and there is significant overlap—and therefore waste. Use your existing information to create a standard for data collection with minimal work.
  2. Streamline with the standardized risk assessments defined in step one. Risk assessments come in many formats and qualities; use the resources already in place and normalize the results to the standard from step one. The most effective way to collect risk data is to identify the root cause, or why an incident occurred. Homing in on the root cause provides useful information about what triggers loss and where your organization is vulnerable. When you link a specific root cause to a specific business process, designing and implementing mitigations is simpler and more effective.
  3. Connect mitigation activities to each of the key risks in these processes. A risk taxonomy gives you a more holistic understanding of all the moving parts in your organization, which makes it easier to design mitigation activities.
  4. Connect incidents, complaints and metrics (for each business process) to mitigation activities. Companies typically already dedicate many resources to monitoring business performance and collecting information about incidents, complaints and metrics, yet these processes are often inefficient and ineffective. Connecting them to mitigation activities identifies why such incidents happen. You can then take straightforward corrective actions, meeting top priorities and allocating resources with forward-looking measures. Risk management, after all, is not about minimizing fallout after an incident, but about preventing the incident from happening in the first place.

To make this entire process effective, management must work to develop an enterprise-wide risk culture. ERM is not just an executive-level process, but should be pushed all the way to frontline managers, where everyday decisions are made and the risks are known—but resources are often absent.

Approach your vendor risk assessments as you would any other risk assessment: they should be recurring and standardized. Perform them regularly and evaluate the results with the same scale and criteria you apply to all other risks. Finally, automate information collection and review so that reporting reveals cross-silo dependencies before these risks turn into scandals. The result will be better vendor security and fewer surprises, at a fraction of the cost.

Cybersecurity, Product Recall and Drones Top List of Emerging Casualty Risks

The cybersecurity insurance industry is booming, with demand for this specialty coverage vastly outpacing any other emerging risk line, according to a new survey by London-based broker RKH Specialty. In fact, 70% of the insurance professionals surveyed listed cyber as the top casualty exposure.

The brokers, agents, insurers and risk managers RKH queried after April’s RIMS 2015 conference said their top casualty concerns after cyber are product recall and drones (11% each), with others including e-cigarettes, autonomous vehicles and telematics totaling only 8%.

[Chart: RKH Specialty study graph]

“Losses stemming from cyber-related attacks and business interruption can be catastrophic for individual businesses,” said Barnaby Rugge-Price, RKH Specialty’s CEO. “Healthcare and retail have been the major buyers in the cyber space to date but we are seeing an increasing conversion rate across the whole of our portfolio. After a number of years of looking at the offering, clients are increasingly deciding to purchase the cover as the product has improved and the frequency of attacks has continued to increase. There has also been a heightened focus on the business interruption aspect, where cyber attacks can cause whole facilities to shut down. But whether cyber related or not, any interruption to the supply chain can cause a disproportionate loss. The survey highlights the importance of specialist insurance for a whole host of emerging risks.”

Turning specifically to property exposures, supply chain disruption was identified by 61% as the top risk, followed by flood (30%) and tornadoes (9%). The findings reflect a growing recognition of the potential exposures that longer and more complex supply chains introduce, the firm said.

The brokerage also asked insurance professionals what they think clients are and will be most concerned about when evaluating a broker’s service, and in turn, what brokers will need to focus on to stay competitive. They predict:

[Chart: RKH Specialty broker service predictions]