AAMI News July 2018

Software Implicated in Recall Spike

Medical device recalls are getting bigger, more common, and increasingly software based, according to the most recent Stericycle Recall Index. Based on this report, the number of U.S. medical device recalls spiked 126% and encompassed more than 208 million units in the first quarter of 2018. That’s more units recalled in a single quarter than were recalled all of last year, as well as the most recalled in a single quarter since 2005, Stericycle reported.

The most common issue was device software, which was responsible for 78 of 343 recalls. That’s part of a trend, according to the report, as software issues have now topped the recall charts for eight consecutive quarters. The next most common issues leading to medical device recalls were mislabeling (73 recalls), quality issues (46 recalls), and being outside of specifications (33 recalls).

Why is software such a driver in medical device recalls? It may be because these devices are becoming more reliant on complex software to function, increasing the need for additional testing, said Stephen Grimes, managing partner and principal consultant for Strategic Healthcare Technology Associates, LLC in Swampscott, MA. In addition, manufacturers must respond to—and prevent—cybersecurity-related risks in their devices.

“As an increasing number of medical devices become software based, it poses a significant challenge to the entire industry because of the correlation between software and cyber vulnerabilities, as well as the inherent difficulty in testing software for all possible failure modes,” Grimes said.

To help resolve these concerns, medical device manufacturers will need to improve their vigilance through greater premarket testing and postmarket management of software vulnerabilities, Grimes said. But the users of medical devices also have a role to play in ensuring that their devices’ software works as intended, by biding their time and staying in-the-know.

“Users may want to consider avoiding being among the first to acquire new technologies, thereby giving more adventurous buyers the opportunity to find and report software-related issues that are discovered soon after a new product’s release,” Grimes said. “Most importantly, users need to establish a process for monitoring manufacturers’ release of software updates/patches and for promptly applying these.”

Axel Wirth, a distinguished technical architect at Symantec in Cambridge, MA, added that as technology grows more interconnected, it will be important to examine how “all the various software components that comprise a device or system of devices will interact and work together reliably.”