
Medical Device R&D and Manufacturer

Cardiac System Medical Device Developer

Pioneer in Medical Device Media Reports
Share Professional Medical Device Knowledge
2025Year10Month10Day,U.S. Food and Drug Administration (FDA) Issued an urgent recall announcement,Request Johnson & Johnson Medical Technologies to automaticallyImpellaController (AIC) ImplementationILevelRecall——This is the highest level of medical device recall category,Which means that if no measures are taken, it may cause serious harm or even death to the patient.This recall stems from a significant cybersecurity vulnerability in the device, which could be exploited by hackers to affect the device's essential performance.

AutomaticImpella The controller isImpella The main user control interface of the catheter. It controlsImpella Catheter and monitor the catheter for alarms.Impella The therapy aims to reduce the workload on the heart and provide support to the circulatory system, allowing the heart time to recover.

Abiomed Cybersecurity vulnerabilities have been identified, which have unacceptable residual risks associated with network and physical access.TheseVulnerabilityMay be damaged and lead to affecting automaticImpella Controller (AIC) Uncontrolled risk of the operating system。If the discovered cybersecurity vulnerabilities are exploited, it may affectAIC Basic performance.This may lead to loss of hemodynamic support due to device runaway or unexpected pump stop, which may result in life-threatening injury, permanent damage, or death.
To date, no cyber attacks related to the identified vulnerabilities or harm to patients have been reported.
The following products are involved in this recall:

According toFDADisclosure,The vulnerability was discovered during Johnson & Johnson's internal security assessment, involving more than1010,000 units deployedAICEquipment. This TimeRecallInstead of requiring medical institutions or patients to return the equipment, it is required to store the equipment in a secure network environment.。Johnson & Johnson will proactively contact all affected customers to assist in disabling the device's network functions and implementing risk mitigation measures, while also making a commitment."Provide updated information after the deployment of further protective measures."
FDAIn the announcement, medical institutions were especially reminded to immediately review the network connection permissions of the equipment and follow the temporary protection guidelines provided by Johnson & Johnson. As the investigation deepens,FDAIndicates that more technical details and long-term solutions will be announced at an appropriate time.
2022Year11In the month, Johnson & Johnson announced with166Acquisition of the Only Leader in Interventional Cardiac Pumps for $100 MillionAbiomed, marking the largest acquisition deal in the company's history.AbiomedWith its interventional heart pump "Impella"Renowned worldwide, this product is currently the only one globally to have obtained approval from the United StatesFDAApproval, applicable to high-riskPCIPercutaneous cardiac pump technology for patients with severe coronary artery disease (percutaneous coronary intervention), acute myocardial infarction cardiogenic shock treatment, or right heart failure.AutomaticImpellaController (AIC) asImpellaThe core control unit of the heart pump, previously byAbiomedCompany R&D,AcquisitionLater, the relevant technology was integrated into the Johnson & Johnson Medical Technology Department.

This isFDAThe fourth time within three months targetingAICDevice Issues Severe Safety Warning. The three previous risk events included: connection failure-inducedIClass recall, individual cases caused by manufacturing defectsIClass Recall,And still under investigation"Clear Retainer Fault" Mode.FDAIt is emphasized that although no actual cyber attack incidents related to this vulnerability have been discovered so far, the potential risk has reached the highest alert level.
Johnson & Johnson Medical Technology Company stated in its response:"Patient safety is always the top priority, and all affected customers have been notified." The company emphasized,AICThe device has been clinically applied for over15Year, no cybersecurity incidents have been reported to date, and "it can continue to be used during the implementation of risk mitigation measures."
Cybersecurity experts pointed out that cyberattacks on medical devices could lead to ransomware attacks or patient data breaches, highlighting once again the security challenges faced by Internet of Medical Things (IoMT) devices.In this field, Device Home will continue to pay attention.
More exciting content
Welcome to follow WeChat Video Channel



BusinessBusiness cooperation email: qxzj@landianyiliao.com


