Medical Device Recalls Surge in 2018 with Software to Blame
Posted May 22, 2018
Medical device recalls are getting bigger, more common, and increasingly software-based. That’s according to the most recent Stericycle Recall Index, a report that tracks product recalls.
According to the report, the number of medical device recalls in the United States spiked 126% and encompassed more than 208 million units in the first quarter of 2018. That’s more units recalled in a single quarter than were recalled all of last year, as well as the most recalled in a single quarter since 2005, Stericycle reported.
The most common issue was device software, which was responsible for 78 out of 343 recalls. That’s part of a trend, according to the report, as software issues have now topped the recall charts for eight consecutive quarters. The next most common issues leading to medical device recalls were mislabeling (73 recalls), quality issues (46 recalls), and being outside of specifications (33 recalls).
Why is medical device software such a major driver in device recalls? It may be because these devices are becoming more reliant on complex software to function, increasing the need for additional testing, said Stephen Grimes, managing partner and principal consultant for Strategic Healthcare Technology Associates, LLC. In addition, manufacturers are needing to respond to—and prevent—cybersecurity-related risks in their devices.
“As an increasing number of medical devices become software-based, it poses a significant challenge to the entire industry because of the correlation between software and cyber vulnerabilities, as well as the inherent difficulty in testing software for all possible failure modes,” Grimes said.
To help resolve these concerns, medical device manufacturers will need to improve their vigilance through greater premarket testing and postmarket management of software vulnerabilities, Grimes said. But the users of medical devices also have a role to play in ensuring that their devices’ software works as intended, by biding their time and staying in-the-know.
“Users may want to consider avoiding being among the first to acquire new technologies, thereby giving more adventurous buyers the opportunity to find and report software-related issues that are discovered soon after a new product’s release,” Grimes said. “Most importantly, users need to establish a process for monitoring manufacturers’ release of software updates/patches and for promptly applying these.”
Axel Wirth, a distinguished technical architect at Symantec in Cambridge, MA, added that as medical devices have grown more complex, the strategies that are used to test those devices were “outpaced by that complexity, resulting in less than desirable quality.”
As technology grows more interconnected, it will be important going forward to examine not just how well a device’s software works on its own, but how “all the various software components that comprise a device or system of devices will interact and work together reliably,” he said.
With Healthcare ‘Under Constant Cyberattack,’ HHS Releases Guidance
FDA Issues Cybersecurity Premarket Guidance
A ‘Whole Community’ Approach to Cybersecurity in Medical Imaging
‘Orangeworm’ Cyberattack Group Puts Healthcare Industry in the Crosshairs
Cybersecurity Series Brings Medical Device, Healthcare Delivery Industries Together