05.10.12
Hackable Medical Devices—Is There a Solution?
The hacker—possibly one of the most feared figures in today’s electronic and increasingly wireless world, she has the ability to access every detail of our lives and identities. If not targeting individuals, a hacker can target corporations—just to prove she can. The buzz about hackable medical devices has been increasing in volume lately as a federal advisory board called for a thorough review of medical devices that are accessible wirelessly before they are released.
At its core, the hacker community is one of smart people who live for the high of exposing weaknesses in online systems, often not maliciously, but out of intellectual curiosity. The cultural identity of a hacker is that of irreverence and playfulness. The term originated at the Massachusetts Institute of Technology (MIT), according to Steven Levy, author of “Hackers: Heroes of the Computer Revolution.” In the 1950s, a student club at MIT created a fully working technological model of a railroad, and a group of students under the table hacked away at the complex system, attempting to break in and manipulate it. They called themselves “hackers,” synonymous with “pranksters.” It was an intellectual endeavor rather than a malicious one. These were some of the students who enrolled in MIT’s first-ever undergraduate computing course.
Hackers do not have “traditional” respect for information privacy. The hacker ethic, according to Levy, is that all information should be free. Anything that keeps one away from information should be surmounted.
In October 2011, news broke that security software company McAfee had exposed a weakness in an insulin pump manufactured by Medtronic Inc. by “ethically hacking” the device, specifically to demonstrate that it could be done. The potential for malicious hacking of life-sustaining devices is too high to be ignored, which has prompted close review of such devices.
The Information Security and Privacy Advisory Board (ISPAB), created by the Computer Security Act of 1987, is drawing attention to the issue because the number of wirelessly accessible devices is on the rise. These devices can allow for remote checkups and follow-ups, where the patient does not need to physically visit the physician; they can allow for—as in the case of the Medtronic pump—an administration of a dose of medication wirelessly and without the use of a needle. There are wide and varied advantages to devices such as these, but as the ISPAB inferred in a recent letter, the patient would be exposed to “significant risk of harm.”
The ISPAB issued this letter on March 30 to the Office of Management and Budget, as well as the U.S. Department of Health and Human Services and the National Institute of Standards and Technology.
“Further complicating this picture,” the letter’s authors wrote, “[are that] the economics of medical device cybersecurity involves a complex system of payments between multiple stakeholders—including manufacturers, providers, and patients. At the same time, no one agency has primary responsibility from Congress to ensure the cyber security of medical devices deployed across this spectrum.”
The ISPAB letter also expressed concern over companies and other becoming de-incentivized to report device security breaches for fear of liability.
The ISPAB suggests that an agency such as the U.S. Food and Drug Administration (FDA) should be given responsibility for medical device security. The FDA would collaborate with various expert boards such as the National Institute of Standards and Technology. The board concluded that further study is needed before wirelessly accessible medical devices safely can be placed on the market.
Meanwhile, at Purdue and Princeton Universities, located in West Lafayette, Ind., and Princeton, N.J., respectively, a group of researchers have created a prototype of a firewall for medical devices that they claim is close to un-hackable. The prototype is known as MedMon for medical monitor, but the research group has stressed that this is a proof of concept only. The concept would have to be miniaturized—and, of course, materialized—before it can be tested and used. A provisional patent application has been filed on the concept.
“This is still not going to solve privacy concerns,” Anand Raghunathan told Inside Indiana Business. “Someone could still learn that you have a medical device, but hopefully they are not going to be able to do anything bad to you. It is extremely difficult to make a system completely impregnable.” Raghunathan is the lead researcher on the project.
Raghunathan, Ph.D., along with fellow researcher Niraj Jha, Ph.D., are the brainchildren behind MedMon and are working with two engineering graduate students from Princeton University, Chunxiao Li and Meng Zhang. Though mainstream news sources are hailing MedMon as the new device that will end hacking, the truth is the device still is in its beginning stages. Raghunathan and Jha provided Medical Product Outsourcing with an inside look at the device.
Raghunathan is a professor of electrical and computer engineering at Purdue, and has held a visiting professorial position at Princeton University’s Department of Electrical Engineering. He is a senior researcher at NEC Laboratories America in Princeton, N.J., leading research efforts on advanced system-on-chip and embedded system architectures and design methodologies. He earned his bachelor’s degree in electrical and electronics engineering from the Indian Institute of Technology in Madras, India, and his master’s and doctoral degrees in electrical engineering from Princeton University.
Jha is a professor of electrical engineering at Princeton University, where his interest in biological and biomedical engineering drew him to this project. He earned his bachelor’s degree in electronics and electrical communication engineering from the Indian Institute of Technology in Kharagpur, India, his master’s degree in electrical engineering from the State University of New York at StonyBrook, and his Ph.D. in the same field from the University of Illinois at Urbana-Champaign.
According to Raghunathan and Jha, MedMon is a device that monitors all communication packets that go into or out of a medical device. It analyzes the characteristics of the wireless signal, as well as the contents of the communication “packets” to identify packets that potentially represent malicious activity. When such packets are detected, MedMon can take actions such as alerting the user or jamming the packets to ensure they do not reach the target device. At a high level, MedMon is similar to network firewalls that are used to protect home and corporate computer networks. However, the information and algorithms used in MedMon are very different, the researchers noted. “We and other researchers have previously demonstrated attacks on medical devices in the lab using inexpensive, off-the-shelf equipment,” Raghunathan and Jha wrote in response to MPO editors’ questions. “Although we are unaware of such attacks in the real world, we felt that it would be important to address them before they get translated from the lab into practice.”
But the technology still is in its early stages. A functional prototype has been created in the lab that has shown promise in detecting many wireless attacks, the researchers said. However, challenges such as size, weight, and battery life need to be overcome to make the system portable. Once a usable prototype is developed, regulatory approval still will be necessary before the technology can make it into the hands of users.
St. Jude Calls for Study Retraction; Journal Says No
It seemed for a while that St. Jude Medical Inc.’s Riata lead controversy wasn’t going to die quietly.
Robert G. Hauser, M.D.’s study of the cardiac defibrillator lead wires published in Heart Rhythm Journal (HRJ) elicited dissent from St. Jude when it was published in March. The study found the company’s Riata leads to be the cause of 22 deaths (St. Jude claims that number actually is only 20) due to the lead wires’ tendency to externalize from their insulation. St. Jude called for HRJ to retract the study, citing inaccurate facts and bias. This came after the recall of the Riata leads in December 2011, and an advisory letter about its QuickSite and QuickFlex leads St. Jude sent out earlier this year.
Embroiled in the controversy was Hauser, whom St. Jude accused of bias toward the company’s competitor, Medtronic Inc. Medtronic is the producer of Quattro Secure, lead wires that perform the same function as the Riata leads. Hauser found that only five deaths were directly caused by Quattro leads, which St. Jude contends is a biased finding. Daniel Starks, CEO of St. Jude, told The New York Times that St. Jude has been “more transparent than [other companies]” about its leads, insinuating that Medtronic has not. This, Starks suggested, simply makes St. Jude look worse than their competitors, and may have affected the study. Starks also suggested, along with other executives, that Medtronic has begun a “whispering campaign” about its other product, the Durata lead.
St. Jude has had the Durata lead on the market for several years now. It claims the Durata has an extra coating of insulation that prevents wire exposure.
Medtronic, for its part, told Medical Product Outsourcing that these accusations from St. Jude are not new.
“From the very beginning of their issues with their leads, St. Jude has been making claims that this is nothing more than a marketing campaign by Medtronic. However, the timeline of events clearly tells a different story,” said Medtronic spokesperson Christopher Garland.
Some experts have found that St. Jude has been less than forthcoming about the risk of its products. St. Jude’s advisory letter to physicians in 2010 stated a 0.47 percent chance of Riata wire exposure, while other researchers independent of the company put that number closer to 30 percent. A summer 2011 paper published by physicians in Northern Ireland cited a 15 percent Riata failure rate. That November, St. Jude issued another letter providing updated estimates of Riata lead failures.
“They have at multiple steps underplayed the gravity of the situation,” said Kenneth Ellenbogen, M.D., medical device expert and chairman of the Division of Cardiology at the Virginia Commonwealth University Pauley Heart Center in Richmond, Va. He often acts as a consultant for St. Jude and its competitors.
In an attempt to demonstrate transparency while simultaneously revealing what it sees as bias in Hauser’s study, St. Jude independently searched the U.S. Food and Drug Administration’s (FDA’s) Manufacturer and User Facility Device Experience Database (MAUDE), the device database Hauser used to gather information. The company found 74 Riata lead-related deaths, while Hauser reported finding only 71 (related deaths are different from deaths directly caused by the device). At the same time, St. Jude claims it found 377 Quattro lead-related deaths, while Hauser reported only 62. St. Jude also points out that the comparison between Riata and Quattro leads is an unequal one, considering the two leads are insulated by different materials—Riata leads by silicone and Quattro leads by polyurethane. Finally, St. Jude notes that the FDA specifically states on its website that MAUDE is “not intended to be used either to evaluate rates of adverse events or to compare adverse event occurrence rates across devices,” making Hauser’s use of the data, according to the company, inappropriate.
In addition, the FDA includes a disclaimer that states the reports submitted to the database “[do] not necessarily reflect a conclusion by the party submitting the report or by FDA that the report or information constitutes an admission that the device, or the reporting entity or its employees, caused or contributed to the reportable event.”
Despite these disclaimers, a quick search of the HRJ database shows that it is not uncommon for researchers to use MAUDE as a tool for research.
St. Jude Medical said in a statement that the company has spent more than 300 hours trying to replicate the numbers Hauser came up with in his study, but hasn’t been able to. St. Jude found “duplicate reports, inconsistent categorizations and failures to include all available reports.”
HRJ rejected the request for retraction, insisting the article in question had undergone review by experts before publication.
In the company’s 2012 first-quarter earnings report conference call, held April 18, Starks said the company is doing just fine in the wake of this uncomfortable period. Revenues are healthy, and in regard to the heart market, St. Jude “actually had a few more active United States ICD (implantable cardioverter defibrillator) accounts in the first quarter of 2012 than [it] did in the first quarter of 2011.”
E.U. Clears JNJ Acquisition of Synthes
It worked. After unloading its DePuy Orthopaedics Inc. trauma division to make way for Synthes Inc., Johnson & Johnson (JNJ) has won the approval of European antitrust authorities to go through with the acquisition. DePuy is being acquired by Warsaw, Ind.-headquartered Biomet Inc.
JNJ announced its intent to buy Switzerland-based orthopedic device company Synthes almost a year ago, but European regulators feared the move would give JNJ a virtual monopoly in the orthopedics sector. JNJ wanted to fold Synthes into DePuy Orthopaedics to create, according to the company, possibly the world’s largest orthopedics business.
“The proposed acquisition would remove a competitor from some markets which are already concentrated,” Joaquin Almunia, the antitrust chief in the European Union (EU), said in a prepared statement last fall when regulators began their investigation of the proposed merger. “The commission needs to make sure that effective competition is preserved in order to maintain innovation and prevent harm to patients.”
Facing such scrutiny from the European regulators, JNJ decided to sell its DePuy unit, a compromise that has proven successful.
According to a statement released April 19 by the commission, its concerns were based on “very high combined market shares of the merging entities in these markets, the rather mature character of the products, and the strong position of the AO Foundation, a highly reputed Swiss-based surgeon-led organization with an exclusive relationship with Synthes.”
Though it has been approved, the acquisition still may prove troublesome for JNJ. Synthes has had its fair share of legal trouble—in 2009, the company settled charges with New Jersey prosecutors that its clinical investigators did not disclose their financial interests; and late last year, Synthes sued several former employees and their hiring companies, claiming raids on staff, breaches of confidentiality agreements, and violations of patents. Even as recently as last month, the company and four former executives were sued in California by the families of two patients who died on the operating table allegedly from the misuse of bone cement the company had developed. Several executives who admitted their involvement in an illegal clinical trial of the bone cement have been sent to jail.
Of course, it’s worth noting that DePuy has been fighting criticism due to its metal-on-metal hip implants that were recalled en masse in 2010. The hip implants gained a lot of attention for leaving metal debris in the implant area. There still are patients currently using the device, and David Floyd, DePuy president at the time of the recall, acknowledged that use would be a concern.
Now that the acquisition deal has materialized, Synthes’ baggage is now JNJ’s. The healthcare conglomerate, however, hopes to gain a stronghold in the trauma sector that it didn’t have before, so the payoff could be worth it.
“We are pleased the European Commission has granted conditional clearance of Johnson & Johnson’s acquisition of Synthes,” JNJ spokeswoman Lorie Gawreluk told Medical Product Outsourcing. “We expect to fulfill our commitment to the Commission with the divestiture of the DePuy Orthopaedics Trauma business to Biomet in the second quarter of 2012, upon receipt of regulatory approvals and other customary closing conditions. The merger agreement requires clearance from five regulatory bodies prior to closing. To date, we have received clearance from four of those bodies, representing Japan, Canada, China and the E.U. We are actively working with U.S. regulatory authorities and continue to expect the transaction to close in the second quarter of 2012.”
The outside date is set at June 25.
The Biomet acquisition of DePuy is valued at $280 million, while Synthes will be sold to JNJ for $21.3 billion.
The hacker—possibly one of the most feared figures in today’s electronic and increasingly wireless world, she has the ability to access every detail of our lives and identities. If not targeting individuals, a hacker can target corporations—just to prove she can. The buzz about hackable medical devices has been increasing in volume lately as a federal advisory board called for a thorough review of medical devices that are accessible wirelessly before they are released.
At its core, the hacker community is one of smart people who live for the high of exposing weaknesses in online systems, often not maliciously, but out of intellectual curiosity. The cultural identity of a hacker is that of irreverence and playfulness. The term originated at the Massachusetts Institute of Technology (MIT), according to Steven Levy, author of “Hackers: Heroes of the Computer Revolution.” In the 1950s, a student club at MIT created a fully working technological model of a railroad, and a group of students under the table hacked away at the complex system, attempting to break in and manipulate it. They called themselves “hackers,” synonymous with “pranksters.” It was an intellectual endeavor rather than a malicious one. These were some of the students who enrolled in MIT’s first-ever undergraduate computing course.
Hackers do not have “traditional” respect for information privacy. The hacker ethic, according to Levy, is that all information should be free. Anything that keeps one away from information should be surmounted.
In October 2011, news broke that security software company McAfee had exposed a weakness in an insulin pump manufactured by Medtronic Inc. by “ethically hacking” the device, specifically to demonstrate that it could be done. The potential for malicious hacking of life-sustaining devices is too high to be ignored, which has prompted close review of such devices.
The Information Security and Privacy Advisory Board (ISPAB), created by the Computer Security Act of 1987, is drawing attention to the issue because the number of wirelessly accessible devices is on the rise. These devices can allow for remote checkups and follow-ups, where the patient does not need to physically visit the physician; they can allow for—as in the case of the Medtronic pump—an administration of a dose of medication wirelessly and without the use of a needle. There are wide and varied advantages to devices such as these, but as the ISPAB inferred in a recent letter, the patient would be exposed to “significant risk of harm.”
The ISPAB issued this letter on March 30 to the Office of Management and Budget, as well as the U.S. Department of Health and Human Services and the National Institute of Standards and Technology.
“Further complicating this picture,” the letter’s authors wrote, “[are that] the economics of medical device cybersecurity involves a complex system of payments between multiple stakeholders—including manufacturers, providers, and patients. At the same time, no one agency has primary responsibility from Congress to ensure the cyber security of medical devices deployed across this spectrum.”
The ISPAB letter also expressed concern over companies and other becoming de-incentivized to report device security breaches for fear of liability.
The ISPAB suggests that an agency such as the U.S. Food and Drug Administration (FDA) should be given responsibility for medical device security. The FDA would collaborate with various expert boards such as the National Institute of Standards and Technology. The board concluded that further study is needed before wirelessly accessible medical devices safely can be placed on the market.
Meanwhile, at Purdue and Princeton Universities, located in West Lafayette, Ind., and Princeton, N.J., respectively, a group of researchers have created a prototype of a firewall for medical devices that they claim is close to un-hackable. The prototype is known as MedMon for medical monitor, but the research group has stressed that this is a proof of concept only. The concept would have to be miniaturized—and, of course, materialized—before it can be tested and used. A provisional patent application has been filed on the concept.
“This is still not going to solve privacy concerns,” Anand Raghunathan told Inside Indiana Business. “Someone could still learn that you have a medical device, but hopefully they are not going to be able to do anything bad to you. It is extremely difficult to make a system completely impregnable.” Raghunathan is the lead researcher on the project.
Raghunathan, Ph.D., along with fellow researcher Niraj Jha, Ph.D., are the brainchildren behind MedMon and are working with two engineering graduate students from Princeton University, Chunxiao Li and Meng Zhang. Though mainstream news sources are hailing MedMon as the new device that will end hacking, the truth is the device still is in its beginning stages. Raghunathan and Jha provided Medical Product Outsourcing with an inside look at the device.
Raghunathan is a professor of electrical and computer engineering at Purdue, and has held a visiting professorial position at Princeton University’s Department of Electrical Engineering. He is a senior researcher at NEC Laboratories America in Princeton, N.J., leading research efforts on advanced system-on-chip and embedded system architectures and design methodologies. He earned his bachelor’s degree in electrical and electronics engineering from the Indian Institute of Technology in Madras, India, and his master’s and doctoral degrees in electrical engineering from Princeton University.
Jha is a professor of electrical engineering at Princeton University, where his interest in biological and biomedical engineering drew him to this project. He earned his bachelor’s degree in electronics and electrical communication engineering from the Indian Institute of Technology in Kharagpur, India, his master’s degree in electrical engineering from the State University of New York at StonyBrook, and his Ph.D. in the same field from the University of Illinois at Urbana-Champaign.
According to Raghunathan and Jha, MedMon is a device that monitors all communication packets that go into or out of a medical device. It analyzes the characteristics of the wireless signal, as well as the contents of the communication “packets” to identify packets that potentially represent malicious activity. When such packets are detected, MedMon can take actions such as alerting the user or jamming the packets to ensure they do not reach the target device. At a high level, MedMon is similar to network firewalls that are used to protect home and corporate computer networks. However, the information and algorithms used in MedMon are very different, the researchers noted. “We and other researchers have previously demonstrated attacks on medical devices in the lab using inexpensive, off-the-shelf equipment,” Raghunathan and Jha wrote in response to MPO editors’ questions. “Although we are unaware of such attacks in the real world, we felt that it would be important to address them before they get translated from the lab into practice.”
But the technology still is in its early stages. A functional prototype has been created in the lab that has shown promise in detecting many wireless attacks, the researchers said. However, challenges such as size, weight, and battery life need to be overcome to make the system portable. Once a usable prototype is developed, regulatory approval still will be necessary before the technology can make it into the hands of users.
St. Jude Calls for Study Retraction; Journal Says No
It seemed for a while that St. Jude Medical Inc.’s Riata lead controversy wasn’t going to die quietly.
Robert G. Hauser, M.D.’s study of the cardiac defibrillator lead wires published in Heart Rhythm Journal (HRJ) elicited dissent from St. Jude when it was published in March. The study found the company’s Riata leads to be the cause of 22 deaths (St. Jude claims that number actually is only 20) due to the lead wires’ tendency to externalize from their insulation. St. Jude called for HRJ to retract the study, citing inaccurate facts and bias. This came after the recall of the Riata leads in December 2011, and an advisory letter about its QuickSite and QuickFlex leads St. Jude sent out earlier this year.
Embroiled in the controversy was Hauser, whom St. Jude accused of bias toward the company’s competitor, Medtronic Inc. Medtronic is the producer of Quattro Secure, lead wires that perform the same function as the Riata leads. Hauser found that only five deaths were directly caused by Quattro leads, which St. Jude contends is a biased finding. Daniel Starks, CEO of St. Jude, told The New York Times that St. Jude has been “more transparent than [other companies]” about its leads, insinuating that Medtronic has not. This, Starks suggested, simply makes St. Jude look worse than their competitors, and may have affected the study. Starks also suggested, along with other executives, that Medtronic has begun a “whispering campaign” about its other product, the Durata lead.
St. Jude has had the Durata lead on the market for several years now. It claims the Durata has an extra coating of insulation that prevents wire exposure.
Medtronic, for its part, told Medical Product Outsourcing that these accusations from St. Jude are not new.
“From the very beginning of their issues with their leads, St. Jude has been making claims that this is nothing more than a marketing campaign by Medtronic. However, the timeline of events clearly tells a different story,” said Medtronic spokesperson Christopher Garland.
Some experts have found that St. Jude has been less than forthcoming about the risk of its products. St. Jude’s advisory letter to physicians in 2010 stated a 0.47 percent chance of Riata wire exposure, while other researchers independent of the company put that number closer to 30 percent. A summer 2011 paper published by physicians in Northern Ireland cited a 15 percent Riata failure rate. That November, St. Jude issued another letter providing updated estimates of Riata lead failures.
“They have at multiple steps underplayed the gravity of the situation,” said Kenneth Ellenbogen, M.D., medical device expert and chairman of the Division of Cardiology at the Virginia Commonwealth University Pauley Heart Center in Richmond, Va. He often acts as a consultant for St. Jude and its competitors.
In an attempt to demonstrate transparency while simultaneously revealing what it sees as bias in Hauser’s study, St. Jude independently searched the U.S. Food and Drug Administration’s (FDA’s) Manufacturer and User Facility Device Experience Database (MAUDE), the device database Hauser used to gather information. The company found 74 Riata lead-related deaths, while Hauser reported finding only 71 (related deaths are different from deaths directly caused by the device). At the same time, St. Jude claims it found 377 Quattro lead-related deaths, while Hauser reported only 62. St. Jude also points out that the comparison between Riata and Quattro leads is an unequal one, considering the two leads are insulated by different materials—Riata leads by silicone and Quattro leads by polyurethane. Finally, St. Jude notes that the FDA specifically states on its website that MAUDE is “not intended to be used either to evaluate rates of adverse events or to compare adverse event occurrence rates across devices,” making Hauser’s use of the data, according to the company, inappropriate.
In addition, the FDA includes a disclaimer that states the reports submitted to the database “[do] not necessarily reflect a conclusion by the party submitting the report or by FDA that the report or information constitutes an admission that the device, or the reporting entity or its employees, caused or contributed to the reportable event.”
Despite these disclaimers, a quick search of the HRJ database shows that it is not uncommon for researchers to use MAUDE as a tool for research.
St. Jude Medical said in a statement that the company has spent more than 300 hours trying to replicate the numbers Hauser came up with in his study, but hasn’t been able to. St. Jude found “duplicate reports, inconsistent categorizations and failures to include all available reports.”
HRJ rejected the request for retraction, insisting the article in question had undergone review by experts before publication.
In the company’s 2012 first-quarter earnings report conference call, held April 18, Starks said the company is doing just fine in the wake of this uncomfortable period. Revenues are healthy, and in regard to the heart market, St. Jude “actually had a few more active United States ICD (implantable cardioverter defibrillator) accounts in the first quarter of 2012 than [it] did in the first quarter of 2011.”
E.U. Clears JNJ Acquisition of Synthes
It worked. After unloading its DePuy Orthopaedics Inc. trauma division to make way for Synthes Inc., Johnson & Johnson (JNJ) has won the approval of European antitrust authorities to go through with the acquisition. DePuy is being acquired by Warsaw, Ind.-headquartered Biomet Inc.
JNJ announced its intent to buy Switzerland-based orthopedic device company Synthes almost a year ago, but European regulators feared the move would give JNJ a virtual monopoly in the orthopedics sector. JNJ wanted to fold Synthes into DePuy Orthopaedics to create, according to the company, possibly the world’s largest orthopedics business.
“The proposed acquisition would remove a competitor from some markets which are already concentrated,” Joaquin Almunia, the antitrust chief in the European Union (EU), said in a prepared statement last fall when regulators began their investigation of the proposed merger. “The commission needs to make sure that effective competition is preserved in order to maintain innovation and prevent harm to patients.”
Facing such scrutiny from the European regulators, JNJ decided to sell its DePuy unit, a compromise that has proven successful.
According to a statement released April 19 by the commission, its concerns were based on “very high combined market shares of the merging entities in these markets, the rather mature character of the products, and the strong position of the AO Foundation, a highly reputed Swiss-based surgeon-led organization with an exclusive relationship with Synthes.”
Though it has been approved, the acquisition still may prove troublesome for JNJ. Synthes has had its fair share of legal trouble—in 2009, the company settled charges with New Jersey prosecutors that its clinical investigators did not disclose their financial interests; and late last year, Synthes sued several former employees and their hiring companies, claiming raids on staff, breaches of confidentiality agreements, and violations of patents. Even as recently as last month, the company and four former executives were sued in California by the families of two patients who died on the operating table allegedly from the misuse of bone cement the company had developed. Several executives who admitted their involvement in an illegal clinical trial of the bone cement have been sent to jail.
Of course, it’s worth noting that DePuy has been fighting criticism due to its metal-on-metal hip implants that were recalled en masse in 2010. The hip implants gained a lot of attention for leaving metal debris in the implant area. There still are patients currently using the device, and David Floyd, DePuy president at the time of the recall, acknowledged that use would be a concern.
Now that the acquisition deal has materialized, Synthes’ baggage is now JNJ’s. The healthcare conglomerate, however, hopes to gain a stronghold in the trauma sector that it didn’t have before, so the payoff could be worth it.
“We are pleased the European Commission has granted conditional clearance of Johnson & Johnson’s acquisition of Synthes,” JNJ spokeswoman Lorie Gawreluk told Medical Product Outsourcing. “We expect to fulfill our commitment to the Commission with the divestiture of the DePuy Orthopaedics Trauma business to Biomet in the second quarter of 2012, upon receipt of regulatory approvals and other customary closing conditions. The merger agreement requires clearance from five regulatory bodies prior to closing. To date, we have received clearance from four of those bodies, representing Japan, Canada, China and the E.U. We are actively working with U.S. regulatory authorities and continue to expect the transaction to close in the second quarter of 2012.”
The outside date is set at June 25.
The Biomet acquisition of DePuy is valued at $280 million, while Synthes will be sold to JNJ for $21.3 billion.