FDA announces recall for Johnson & Johnson devices due to cybersecurity risk—customers urged to act

The U.S. Food and Drug Administration (FDA) has announced another recall for Johnson & Johnson MedTech’s Automated Impella Controller (AIC) due to a significant cybersecurity risk.

“If the identified cybersecurity vulnerabilities are exploited, it may affect the essential performance of the AIC,” according to the FDA’s advisory.

At this time, no cyberattacks have been tied to this specific issue. This is the fourth time in three months the FDA has shared serious safety concerns related to these devices, which serve as the primary user control interface for Impella catheters. 

No Impella devices need to be returned

This latest issue impacts more than 100,000 devices. Unlike many recalls, nothing needs to be returned to the manufacturer or removed from the market. Instead, customers are urged to keep AICs in a secure environment. Johnson & Johnson MedTech representatives will be reaching out to all customers to help them disable the devices' network connectivity and minimize any potential security risks.

This is a Class I recall, meaning the devices could result in serious patient injuries or even death if used without following the FDA’s instructions.

“More information will be provided when further mitigations are available to be deployed to resume network enablement,” according to the advisory.


The FDA has identified another safety concern with Johnson & Johnson MedTech's Automated Impella Controllers. This comes after the devices were linked to five separate recalls in 2025.


Additional context from Johnson & Johnson MedTech

Johnson & Johnson MedTech shared a statement with Cardiovascular Business about this recall, noting that the cybersecurity vulnerabilities were identified during an internal assessment.

"Patient safety remains our priority, and all impacted customers have been notified," Johnson & Johnson MedTech told Cardiovascular Business. "While we take steps to mitigate risks, AICs can continue to be used as intended. AICs have been in clinical use for over 15 years with no reported cybersecurity incidents to date."

A recent history of safety concerns for Johnson & Johnson MedTech

The FDA has reviewed multiple safety risks with Johnson & Johnson MedTech’s AICs in recent months. There was a connection issue that resulted in a Class I recall, a manufacturing error that prompted a separate Class I recall and then a pattern of “purge retainer failures” that is still under investigation. 

Johnson & Johnson acquired Abiomed in 2022

The Impella heart pumps and AIC technology were previously sold under the Abiomed brand before Johnson & Johnson acquired Abiomed in 2022 for approximately $16.6 billion. Following the sale, the company began operating under the name Johnson & Johnson MedTech.

Michael Walter, Managing Editor

Michael has more than 19 years of experience as a professional writer and editor. He has written at length about cardiology, radiology, artificial intelligence and other key healthcare topics.
