FDA Adverse Event Malfunction Summary report: N

ALINIQ AMS

MDR report key: 13981119 · Received April 1, 2022

Report

Report Number
3004032053-2022-00001
Event Type
Malfunction
Date Received
April 1, 2022
Date of Event
February 23, 2022
Report Date
April 7, 2022
Manufacturer
ABBOTT SRL
Product Code
JQP
PMA / PMN Number
EXEMPT
Removal / Correction Number
N/A
Product Problem
Yes
Report Source
Manufacturer report
Reporter Location
IL, US
Reporter Occupation
003

Narratives

Additional Manufacturer Narrative · 0

CATALOG NO; UNIQUE IDENTIFIER (UDI #): AMS 2.06; CATALOG NO 03R89-01; UDI- N/A. AMS 2.07 (INCLUDING PATCHES)/ALINITY IQ AMS 2.07.2; CATALOG NO 03R89-20; UDI- N/A. ALINIQ AMS 2.08 (INCLUDING PATCHES); CATALOG NO 03R89-21; UDI- (B)(4). ALINIQ AMS 2.09; CATALOG NO 03R89-23; UDI- (B)(4). ALINIQ AMS 2.10; CATALOG NO 03R89-24; UDI- (B)(4). ALINIQ AMS 2.11; CATALOG NO 03R89-47; UDI- (B)(4). ALINIQ AMS 2.12; CATALOG NO 03R89-48; UDI- (B)(4). ABBOTTLINK HAS NO LN OR SN. THE INVESTIGATION INTO THIS ISSUE FOUND THAT THIS VULNERABILITY IMPACTS ALL MARKETED VERSIONS OF ALINIQ AMS AND ABBOTTLINK. THE INVESTIGATION ALSO IDENTIFIED THAT THE VULNERABILITY CAN ONLY BE EXPLOITED ON AMS-ABBOTTLINK SYSTEMS WITHIN CUSTOMER NETWORKS WITH POOR NETWORK SECURITY (LABS WITH NO FIREWALL, OR AN POORLY CONFIGURED FIREWALL). A PRODUCT CORRECTION LETTER HAS BEEN ISSUED TO ALL CUSTOMERS WHERE BOTH ABBOTTLINK AND ALINIQ AMS ARE INSTALLED. THE PRODUCT CORRECTION LETTER NOTIFIES CUSTOMERS OF THE ISSUE AND PROVIDES THE NECESSARY ACTIONS TO BE TAKEN TO REDUCE THE RISK OF EXPLOITATION OF THIS VULNERABILITY UNTIL THEY ARE CONTACTED BY THEIR ABBOTT REPRESENTATIVE TO SCHEDULE THE MANDATORY INSTALLATION OF THE NEW VERSION OF ABBOTTLINK ONCE IT IS AVAILABLE.

Additional Manufacturer Narrative · 0

THIS EMDR IS BEING SUBMITTED AS THE ATTACHMENT A (INDICATED IN SECTION D4- SERIAL NO) WAS INADVERTENTLY NOT ATTACHED TO THE INITIAL EMDR SUBMISSION. ATTACHMENT A HAS NOW BEEN ATTACHED TO THIS SUBMISSION.

Description of Event or Problem · 0

ABBOTT RECEIVED A SECURITY VULNERABILITY NOTIFICATION FROM PTC, THE SUPPLIER WHO PROVIDES THE SOFTWARE USED IN ABBOTTLINK, WHICH RESIDES ON A CUSTOMER-OWNED SERVER. WITHIN THE OVERALL SOFTWARE, THE AXEDA DESKTOP SERVER IS USED TO ENABLE REMOTE SCREEN SHARING THROUGH AN ABBOTTLINK CONNECTION. THE IDENTIFIED VULNERABILITY COULD ALLOW CONTROL OF THE OPERATING SYSTEM OF THE SERVER WHERE THE SOFTWARE IS INSTALLED. THIS VULNERABILITY ONLY IMPACTS CUSTOMER SITES WHERE BOTH ALINIQ AMS AND THE ABBOTTLINK AXEDA DESKTOP SERVER ARE INSTALLED WHEN: THE ATTACKER HAS CREDENTIALLED ACCESS TO THE CUSTOMER NETWORK. THE ATTACKER KNOWS THE ABBOTT-CONTROLLED AXEDA DESKTOP SERVER PASSWORD; THE ATTACKER CAN CONNECT TO A SPECIFIC PORT ON THE AXEDA DESKTOP SERVER. IF THE AXEDA VULNERABILITY IS EXPLOITED, THE ATTACKER COULD GAIN ACCESS THROUGH THE AXEDA DESKTOP SERVER TO ALINIQ AMS SERVICES WHICH HAS THE POTENTIAL FOR A DELAY IN PATIENT RESULTS, INCORRECT RESULTS, AND/OR DATA PRIVACY ISSUES. THERE HAVE BEEN NO KNOWN EXPLOITS OF THIS VULNERABILITY ON THE ALINIQ AMS.

Devices

Seq Brand Generic Product Code Manufacturer Model Lot UDI-DI
1728547 ALINIQ AMS CALCULATOR/DATA PROCESSING MODULE, FOR CLINICAL USE JQP ABBOTT SRL

Patients

Seq Age Sex Outcome Treatment
1 Unknown ABBOTTLINK 5.10| ABBOTTLINK 5.10