Software in Medical Devices – Update for Q1/Q2 2025

Over the past year, as in previous years, life has not been easy, for many reasons.

In the past 3 years, the FDA has been moving forward with new standards. The MDR/IVDR is still happening but is moving slowly. There is a major backup in getting to the notified body.

This is a continuation of the software updates I have been sending out. Please check out all the references for download and/or purchase. If you have any questions, please contact us.

Software is everywhere in medical devices and IVDs. The FDA and CE are becoming more pedantic in how they review and relate to software. The number of companies getting into the field is growing and the amount of software being developed for medical devices is exceptionally large (especially the number of companies involved with AI/ML).

The FDA has been very critical of the software documentation and the cybersecurity documentation when reviewing a submission. The better the documentation, the fewer deficiencies are received.

 

Software Recalls Q1-Q2/2025

We have been following the recalls, and there is a growing number of recalls listed where software played a role in the recall. It is interesting to note that software has been the leading cause of recalls in the FDA for the past 15 years. This trend does not look like it will change.

The following are additional examples of recalls involving software directly as listed on the FDA website, including Israeli-developed software. There may be more that are not classified under software. There are a large number of Class I recalls after patients were severely injured. The descriptions given for the recalls are taken from the FDA database. For further details on the recalls, you can check them out on the FDA’s recall database.

Please note that the content for each recall is taken from the FDA database and is not our content.

  • Tandem Diabetes Care, t:slim X2 Insulin Pump with Interoperable Technology & Tandem Mobi Insulin Pump with Interoperable Technology, Class I – A software defect in Version 7.9 of the pump software for Tandem t:slim X2 and Tandem Mobi pumps, when used with Control IQ+ technology, will cause the pump to incorrectly interpolate glucose trends when the Estimated Glucose Value (EGV) is above 255 mg/dL at the start or end of a gap in data collection due to a lapse in connection from a paired continuous glucose monitor (CGM) sensor, which can lead to under-delivery or over-delivery of insulin based on inaccurate result leading to severe cases of hypoglycemia or hyperglycemia.
  • Fresenius Kabi USA, Ivenix Infusion System (IIS), Class I – Large Volume Pump Software, version 5.9.2 and earlier has potential for the following anomalies: 1. The pump may become nonfunctional if during an alarm condition the Pause Audio option is repeated 70 times or more. 2. If a secondary infusion is started at the exact moment a primary infusion completes and VTBI reaches 0, it will switch to primary. The primary infusion will infuse at the previously programed primary rate and continue until the infusion is stopped or the bag is empty.
  • Smiths Medical ASD, CADD Solis HSPCA Pump, Class I – Pumps may experience Wireless Connection Modules intermittent connection alarms, which will interrupt an active infusion. Interruption or delay of therapy can lead to serious patient injury or death.
  • Zyno Medical, Z-800WF Infusion System, Class I – Unreleased software versions were installed on distributed devices without verification or validation.
  • Baxter Healthcare, Welch Allyn Life2000 Ventilation system, Class I – A cybersecurity vulnerability was discovered through internal testing.
  • CareFusion 303, BD Alaris Systems Manager, Class I – Potential for inaccurate measurement of the patient circuit compliance during the patient circuit test due to combination of incorrect pre-use leakage test and use of an incorrect active humidifier.
  • Maquet Critical Care, Servo-u Ventilator System, Class I – Software issue that may result in outdated automated programming request (APR) being sent to the progressive care unit (PCU).
  • Baxter Healthcare, Baxter Novum IQ LVP INFUSION SYSTEM, Class I – There is a the Novum IQ LVP due to the potential for underinfusion following use of the “standby mode” feature or if the device is powered off with the set loaded.
  • Smiths Medical ASD, CADD-Solis HPCA Ambulatory Infusion Pump, Class I – Affected pumps may trigger an erroneous (false) Upstream Occlusion Alarm under certain conditions, which will interrupt an active infusion. Interruption or delay of therapy can lead to serious patient injury or death.
  • GE Medical Systems China, CARESTATION 750c A2, Class I – GE HealthCare has become aware that certain Carestation 620/650/650c and 750/750c Anesthesia Delivery Systems will not provide effective ventilation in Volume Control Ventilation (VCV) mode. In these systems, effective ventilation can be achieved in Pressure Control Ventilation (PCV) or Pressure Control Ventilation Volume Guarantee (PCV-VG) modes or with Manual ventilation.
  • CareFusion 303, BD Care Coordination Engine (CCE) Infusion Adapter, Class I – Software issue that may result in outdated automated programming request (APR) being sent to the progressive care unit (PCU).
  • CareFusion 303, CCE Enterprise SW & BD Pyxis MedStation 4000 Main & others, Class II – During automated dispensing cabinet upgrade/ installation/ reimaging, component manager was left in installed mode, and if a Microsoft patch is then installed this may lead to an error preventing user access to the dispensing software application, which may lead to delay in access to medications/supplies, and delivery/replenishment of patient specific orders; which may lead to delay in patient care.
  • ICU Medical, LifeShield Drug Library Management (DLM) & LifeShield Infusion Safety Software Suite, Class II – Firm has identified Drug Library Management defects in the software: 1) DLM software does not allow user to create percentage dose rate or rate change values with certain limits, potentially resulting in over-delivery to patient. 2) An unauthorized user may modify and approve a drug library, potentially leading to incorrect program parameters being used for therapy.
  • Tornier S.A.S., Blueprint Software, Class II – A software bug in Blueprint version 4.2.1 prevents users from accessing cases initiated in previous versions of the software.
  • Siemens Healthcare Diagnostics, Atellica CH Revised C Reactive Protein (RCRP), Class II – Incorrect software flagging may occur for the assay that may potentially lead to an erroneous result.
  • Medimaps Group, TBS iNsight, Class II – Potential variability in calculations from fast array scans compared to array scans when operating on Hologic Horizon machines.
  • Ortho-Clinical Diagnostics, VITROS 3600 Immunodiagnostic System, Class II – The VITROS 3600 Immunodiagnostic System software versions 3.8.0 may not correctly notify users if the Signal Reagent Pack exceeds the on-board and/or shelf-life expiration date. This could result in the use of expired products, which would increase the risk of no results or erroneous results from the instrument.
  • Ortho-Clinical Diagnostics, VITROS 5600 Integrated System, Class II – The VITROS 5600 Integrated System software versions 3.8.0 may not correctly notify users if the Signal Reagent Pack exceeds the on-board and/or shelf-life expiration date. This could result in the use of expired products, which would increase the risk of no results or erroneous results from the instrument.
  • Ortho-Clinical Diagnostics, VITROS XT 7600 Integrated System, Class II – The VITROS XT 7600 Integrated System software versions 3.8.0 may not correctly notify users if the Signal Reagent Pack exceeds the on-board and/or shelf-life expiration date. This could result in the use of expired products, which would increase the risk of no results or erroneous results from the instrument.
  • Cardinal Health 200, Kendall SCD Comfort Sleeves, Class II – Incorrect software logic may cause frequent E1 errors (system high pressure). Issue may cause delay in treatment or therapy.
  • Abbott Laboratories, CELL-DYN Ruby, Class II – When expired reagents are scanned or manually entered, the system will change the expiration date to current or future date without notifying user that an expired reagent is being used. Use of expired reagents is against the guidelines of the Operator’s Manual.
  • Medtronic Xomed, NIM Vital Nerve Monitoring System, Class II – Nerve Monitoring System with certain software versions has potential for increased stimulus artifact, which may require troubleshooting, and may lead to procedure delay, extubation, and medical intervention.
  • FUJIFILM Healthcare Americas Corporation, Synapse PACS Software, Class II – The incorrect computed patient age is showing in VX for patients less than 3 months old.
  • Beckman Coulter Laboratory Systems, DxC 500 AU Clinical Chemistry Analyzer, Class II – Beckman Coulter has identified an issue which prevents the DxC 500 AU instrument from providing the correct onboard stability (Open Expiration) dates for assays that were loaded prior to a software upgrade (e.g. 1.3 to 1.4, 1.4 to 1.4.1, etc.). As a result, assays that have expired may still be used for sample processing, leading to inaccurate or erroneous patient test results. The issue only happens on assays loaded before instruments doing upgrades and does not impact new installation. It does not impact the assays loaded after upgrade.
  • Spacelabs Healthcare, Xhibit Telemetry Receiver with Software, Class II – Telemetry receivers with affected software versions may experience unsolicited system shut down and restart (Offline displayed), lasting approximately 1 to 1.5 minutes, which will cause temporary loss of monitoring. If a clinical event occurred during this period, staff may not detect until the system restarts and necessary clinical intervention could be delayed.
  • Change Healthcare Canada, Change Healthcare Cardiology Hemo Software, Class II – Due to complaints, software update may cause software to unexpectedly shutdown.
  • Ortho-Clinical Diagnostics, VITROS 4600 Chemistry System, Class II – A software anomaly allows test results to be reported using Micro Tip and Micro Slide diluent packs that the system treats as expired even when the Use Expired Reagents setting is not enabled if a shelf expiration date is omitted during manual loading. The issue was identified by a customer complaint, in which a CREA Urine test was processed with an RE (Reagent Expired) code, even though the diluent pack was not expired and the use-expired-reagents setting was disabled. This can result in erroneous test results and/or delaying test results.
  • Beckman Coulter, REMISOL Advance, Class II – Due to a software issue, the software may incorrectly process the date of birth (DoB) received from the Laboratory Information System (LIS) and when the DoB is set to 01/01/1900 or left empty, REMISOL Advance may incorrectly identify a patient as a newborn, affecting the execution of validation rules based on incorrect reference ranges. The test results are not changed by this software defect and are accurately displayed by REMISOL Advance; however, the evaluation flagging of the results may be affected. This issue may lead to wrong reference range calculations and can result in erroneous flagged results being auto validated and uploaded to LIS.
  • Insulet, Omnipod 5 Automated Insulin Delivery System, Class II – Insulet Corporation is recalling Omnipod 5 iOS App, due to a software design issue in which a comma is not recognized as a decimal separator and the user cannot enter a decimal separator in any manual entry screen if the user manually updates their phone settings to a region OUS that uses a decimal separator instead of a period decimal separator or chooses that format as a preference. Use of the affected software may result in over delivery of insulin by increasing the amount of insulin when a decimal separator is not recognized (e.g., 0.1 unit recognized as 1 unit) and thus may result in hypoglycemia, potentially severe.
  • Bigfoot Biomedical, Bigfoot Unity Diabetes Management System, Class II – Due to a software/firmware issue diabetes management system may provide a device error and cause the insulin pen to become unresponsive and unable to function. This error may pose a potential health risk for people living with diabetes as they may not have all information necessary to make a timely treatment decision.
  • Mobius Mobility, iBOT PMD with software, Class II – Software issue that could potentially lead to the device tipping over from Balance Mode.
  • Beckman Coulter, DxI 9000 Access Immunoassay Analyzer, Class II – Analyzer has calibration issues where curves switched from passed to failed due to system errors during aspiration. This anomaly causes erroneous results and delays if unnoticed. RLU values may be misinterpreted as valid measurements by LIS.
  • Turncare, Guardian 2 System, Class II – A software update corrected an issue where “low” and “terminal” battery alerts did not display on the screen to the user in specific circumstances when the device was not running patient therapy.
  • Philips Medical Systems, Azurion R1.x and R2.x systems, Class II – A software issue was identified in the internal communication process between the system software and the X-ray generator firmware. Loss of imaging (X-ray) functionality caused by the software issue in either of the two situations identified could result in a delay of therapy. The potential delay may result in serious adverse health outcomes, including the possibility of death, especially when the system is used with patients undergoing complex and/or urgent interventions for potentially life-threatening conditions (e.g., acute ischemic stroke, ST-segment elevation myocardial ischemia, life-threatening bleedings).
  • GE HealthCare Service, MUSE 5 Systems, Class II – The MUSE Administrator Account active directory or local credential could potentially be used from your local network to log into a GE HealthCare MUSE 5 system and potentially manipulate recorded patient data.
  • Beckman Coulter, DxI 9000 Access Immunoassay Analyzer, Class II – A new software update (v1.20) is introducing error codes for the DxI 9000 which prevents the assay from being performed and a delay in results from being generated, and may require field service to resolve the delay.
  • Virtual Incision, Mira Surgical System, Class II – The MIRA Surgical System Software Version 4.0.3 loaded on the Surgeon Control Console may have the potential to exhibit interrupted motion on the display screen, caused by a software latency between the movement of the hand controllers and the movement of the Surgical Minibot arms.
  • Dexcom, Dexcom G7 iOS Application, Class II – A bug in the 2.7.0 version of the G7 iOS App can cause the app to enter a state where it stops updating the estimated glucose value (EGV) and continues to show this stale EGV. If the user is unaware that the EGVs are not being updated and that glucose alerts will not trigger, there is potential for the missed detection of a hyperglycemic or hypoglycemic event or a treatment decision made based off incorrect data. There is no impact to transmitter communication with concurrently connected displays. A concurrently connected receiver, Apple Watch, and/or insulin pump will continue to receive EGVs directly from the transmitter when the app is in the problematic state. There is no impact to Automated Insulin Dosing (AID) therapy as the AID system continues to receive EGVs directly from the transmitter.
  • Foundation Medicine, FoundationOne Companion Diagnostic, Class II – An incorrect negative claim was identified on the claims page; the device variant information was displayed correctly in the tumor profiling section of the FDA-approved test report.
  • C-RAD Positioning, Catalyst+, Class II – Software issue with scanning equipment that can result in the filed rotation not being applied correctly.
  • Echopixel, True 3D Viewer System, Class II – Imaging system data may be displayed with an incorrect orientation (sidedness) where the patient side is not correct (left, right, superior, inferior, anterior or posterior). This may lead to inaccurate measurements.
  • Philips North America, SmartPath to dStream, Class II – Potential for alignment errors in the cross reference line functionality when reviewing images generated with the MobiView application.
  • Philips North America, Upgrade to MR 7700, Class II – Potential for alignment errors in the cross reference line functionality when reviewing images generated with the MobiView application.
  • Beckman Coulter, Arial DxC 500 AU Clinical Chemistry Analyzer, Class II – Beckman Coulter is recalling their DxC 500 AU Clinical Chemistry Analyzer because a software error causes the analyzer to not run a requested calibration order in the following scenario: when a reagent blank or calibration is ordered during sample processing and then any of the components (R1 and/or R2) depletes to zero tests, the analyzer will not be able to complete the calibration request, and the calibration order will remain pending. No further calibration orders can be processed for any assays, and the instrument refuses to accept further sample processing order after the existing calibration curves are expired. Although in-process tests will be completed, this error can cause a delay in reporting subsequent test results. No further calibration orders can be processed for any assays which may cause a delay in reporting test results.
  • Contec Medical Systems Co., CMS8000 Patient Monitor, Class II – Patient monitor has nine identified cybersecurity vulnerabilities.
  • Remote Diagnostic Technologies, Philips Tempus Pro Patient Monitor, Class II – Patient Monitor software update to address issues: 1) May freeze at startup with MPM Application error and Attention Restart Required messages, 2) Monitor may freeze and reboot at start of 12-lead ECG or after, 3) May reboot after intermittent connection with Smart Mount, 4) 12-lead ECG measurements with Louvain algorithm and software before vx.36 could produce inaccurate rhythm/morphology statements.
  • IBA Dosimetry, myQA iON, Class II – Wrong analysis results can occur if the user creates two structures with the same name, except for one differing by a special character.
  • Beckman Coulter, DxI 9000 Access Immunoassay Analyzer, Class II – When DxI 9000 Access Immunoassay Analyzer is connected to a host system (laboratory information system (LIS) or middleware) and has accumulated canceled QC test results that were not sent by LIS, the analyzer may lose communication with the host system. The lost connection interrupts sample processing, which delays reporting patient test results and may subsequently delay patient treatment.
  • Philips North America, Brilliance CT Big Bore, Class II – Unintended motion issues related to Interventional Control that may lead to collision of the Gantry/table with the operator or patient.
  • Philips Medical Systems Nederland, Zenition 70, Class II – Philips has become aware of the potential for unintended radiation exposure with Zenition 70 systems with Vascular Extension option and a Wireless Foot Switch.
  • CareFusion 303, BD PYXIS MEDBANK, Class II – Users trying to restock a single bin location of an automated dispensing cabinet, during pocket exchange restocking workflow, may experience a software issue that results in 2 destock transactions and 2 stock transactions, which results in doubling the bin quantity, which may result in a delay in access to desired medications and/or supplies, which may lead to temporary body function impairment.
  • Beckman Coulter, DxC 500 AU Clinical Chemistry Analyzer, Class II – Beckman Coulter has determined that device software versions V1.3, V1.4, V1.4.1, V1.4.2, V1.4.3 have a defect due to which, when all constituent tests of a calculated result are rerun, either manually ordered by the operator at the analyzer or automatically triggered by predefined rules in System Configuration, the calculated result will not be recalculated using the constituent tests rerun results. The system will report only the calculated result using the initial constituent tests results to the operator and LIS/Remisol. The issue was identified by Beckman Coulter internal engineering testing. The defect may cause a delay in reporting patient results.
  • PYRAMES, Boppli: Bedside Device Kit, Class II – Single-use battery-powered blood pressure monitor, for use on neonates and infants, due to vibratory noise, may not adequately detect changes in blood pressure per specification. Containment actions: 1) Ventilator lines not to touch the isolette (e.g. mattress, side rails, pillow) or patient, 2) Move affected monitor to patient’s foot.
  • Terumo Cardiovascular Systems, Terumo CDI OneView Monitoring System Hematocrit / Oxygen Saturation Probe, Class II – During some clinical cases, it has been observed that the SO2 value may periodically appear as dashes on the Touchscreen Display indicating unavailable data. In these cases, a yellow low-limit alarm will also be triggered to the user, due to the dashed-out value.
  • GE Healthcare, GE Healthcare Centricity Universal Viewer, Class II – There is a potential security vulnerability in Centricity Universal Viewer (UV), Centricity PACS-IW (PACS-IW), Centricity Radiology RA600 (RA600), & Centricity Cardiology CA1000 (CA1000) where the service login credentials are able to be identified which could allow a malicious actor with these credentials to access the system and potentially manipulate patient data.
  • Jude Medical, CardioMEMS Heart Failure (HF) System, Class II – Due to issues associated with data migration of patient information and results to a Cloud service, the firm has received complaint associated with some patient profile information being duplicated while other patient information is missing.
  • Baxter Healthcare, Baxter Mobile column TruSystem 7500 U, Class II – There is a software issue which causes the upper back section to not be operable/adjustable when the “emergency mode” function is enabled.
  • Merge Healthcare, VERICIS, Merge Cardio, Class II – When following a specific less typical workflow in which the user remeasures using the ultrasound device or manually edits primitive or derived measurement values directly in Clinical Reporting, derived measurements may be inconsistent with the associated primitive measurements in the final patient report.
  • Brainlab, Origin Data Management, Class II – Under certain circumstances, it can occur that patient records from unrelated individuals are automatically merged into one patient record without user notification.
  • Telcare, Philips Connected Blood Glucose Meter, Class II – Telcare has received customer complaints related to battery expansion/swelling for its Philips Connected Blood Glucose Meter (i.e., BGM 4 brand name) Monitoring System. The issue was identified by post market surveillance data (customer complaints) – events of battery expansion/swelling and associated symptoms, e.g., leading to the device’s removable back cover (battery port) to separate. If there is a loss of primary function of the device due to the described device defect, an immediate health consequence that may result is prolonged hypoglycemia or hyperglycemia due to delay in treatment, as the blood glucose measurement is not available to guide treatment. In a worst-case situation, there is potential for battery swelling to result in explosion of the battery and/or device. Exposure to explosion, and subsequently projectiles from the explosion, may result in several immediate health consequences, including concussion, headache, dizziness, eye irritation, blurred vision, eye injury, and vision impairment.
  • Alcon Research, Alcon Custom Pak with Non-Latex Symbol, Class II – Customer-designed sterile surgical procedure packs contain latex components as specified; but, the content label sealed within the transparent sterile pouch contains the symbol for a latex-free product. If users or patients with latex sensitivity come into contact with latex, an allergic reaction may occur.
  • MIM Software, MIM Anyware, Class II – In situations where two images with differing Fields of View (FOV) complete an image fusion, an incorrect, elevated Maximum Standardized Uptake Value (SUV) within MIM Software versions 7.2.0 through 7.2.6 could result.
  • Philips Medical Systems Nederland, IntelliSpace Cardiovascular software, Class II – Study data is not able to be archived, copied, or exported with the cardiovascular software version.
  • GE Healthcare, SIGNA Creator, SIGNA Explorer, NMRI systems, Class II – For certain MR systems, a scan can be resumed following a Power Monitor trip when the “6-minute average SAR” is above the limit indicated on the “SAR Display”. The user interface may incorrectly enable a scan to proceed earlier than intended. If resumed by the operator, such a scan can result in potential excessive tissue heating, especially if the patient is in contact with a conductive material or has an implant.
  • INTELERAD MEDICAL SYSTEMS, IntelePACS, Class II – A software application that receives digital images and data from various sources has a bug in specific software versions that will calculate the Standard Uptake Value (SUV) incorrectly for PET/CT studies acquired on the days of Daylight Savings Time (DST); only on dates in which DST transition occurs; all other dates are unaffected. An incorrect SUV may lead to an incorrect diagnosis.
  • Dexcom, Dexcom G6, Continuous Glucose Monitoring System, Class II – Under very rare situations, the Dexcom G6 touchscreen receiver may not provide high or low glucose alarms/alerts as designed, which can result in two different conditions. First, if a receiver operating system .net error occurs when an alarm/alert should be triggered, the initial alarm/alert will not be delivered until a subsequent alarm/alert is triggered. At that time, the initial alarm/alert is delivered, but not the second one. Alarm/alerts will continue to be delayed and be one alarm/alert behind, causing delayed alarm/alerts until the receiver is reset. This condition could result in the missed detection of a hyperglycemic or hypoglycemic event. Second, a single EGV reading may be delayed for 5 minutes after the initial .net operating system error. If the user receives a single EGV reading delayed by 5 minutes, the delay is not expected to cause user harm.
  • Murata Vios, Vios Monitoring System Bedside Monitor, Class II – A premature failure condition was identified with the L2050R pulse oximeter SpO2 sensor that connects to the L2050G Vios chest sensor device. When a failure occurs, a Pulse Ox Sensor Off warning condition will be incorrectly displayed by the system.
  • Elekta, MOSAIQ Oncology Information System, Class II – Image offsets calculated by oncology Information System software may be incorrect for Linear Accelerator (LINACs) not characterized at IEC61217 scale.
  • CareFusion 303, Pyxis MedStation ES, Class II – Software issues could potentially result in: 1) delays in accessing dispensing software application, 2) wrong therapy (dose, item, timing, etc.), or 3) unauthorized access and/or compliance related issues.
  • Beckman Coulter, DxI 9000 Access Immunoassay Analyzer, Class II – A software error caused an increase in tray gripper motion errors that causes intermittent hard stops and a delay in patient results.
  • Philips North America, IntelliVue Patient Monitor MX450, Class II – Potential failure to alarm for “No Device Data” INOP. The device to alarm after a Hamilton ventilator is disconnected from the EC10 Module or IntelliBridge I/O board.
  • Sysmex America, Sysmex PS-10 Sample Preparation System, Class II – Sysmex was made aware of a report of false results due to carry-over caused by the sporadic omission of the probe wash step during antibody pipetting on the PS-10 Sample Preparation System.
  • Murata Vios, muRata Vios Monitoring System Model 2050, Class II – During the set-up and workflow to begin Vios monitoring, it has been noticed that patient vital signs and ECG waveforms can become distorted and will flicker or flash very fast. This issue only occurs on the Central Station Monitor (CSM) in the patient tiles view and is not seen at any other point during patient monitoring & not on the Bedside Monitor.
  • A L I Technologies, Change Healthcare Cardiology Hemodynamics software, Class II – Software defect concerning autosave mechanism may result in the clinician administering incorrect medication(s).
  • GE Medical Systems, Portrait Core Services, Class II – There is a software issue that can result in the loss of patient monitoring on the Portrait Central Viewer Application after 425 days of continuous run-time.
  • CareFusion 303, BD Pyxis MedStation ES, Class II – Due to an automated dispensing cabinet software issue, when a medication single order contains more than one component and at least one is unavailable for a multi-item or combination order, the order may display as grayed out; alternate location tooltip will display “Server connection failed,” not listing other area devices where unavailable item(s) may be found, which may lead to delayed therapy.
  • GE Medical Systems, GE Healthcare LOGIQ F R3 Ultrasound System, Class II – GE HealthCare has become aware that the Estimated Fetal Weight (EFW) measurement data feature on the Versana Premier R3 and LOGIQ F R3 series ultrasound systems can display previous obstetric patient data in the Whizz report. This could potentially lead to an incorrect clinical decision due to inaccuracy in the fetal size and growth calculation.
  • Philips Medical Systems Nederland, IntelliSpace Cardiovascular, Class II – An issue was identified with the software when using the Echo Module of ISCV, the issue may result in missing or incomplete information in the report.
  • Siemens Healthcare Diagnostics, ADVIA 120/2120/2120i SETpoint Calibrator, Class II – Products have the incorrect platelet (PLT) value assignments for the ADVIA 120/2120/2120i Hematology Systems.
  • Ortho-Clinical Diagnostics, VITROS Chemistry Products, Class II – Lots from Generation (GEN) 15 of VITROS Chemistry Products OP Reagent may generate lower than expected quality control (QC) results. If the customer is unable to get passing quality control results, then the customer would be unable to run the OP-LO protocol leading to a potential delay in patient results.
  • Becton Dickinson, BD BACTEC™ MGIT™ 960 PZA Kit, Class II – BD has received additional complaints of intermittent false resistance results for PZA during susceptibility testing of Mycobacterium tuberculosis isolates.
  • ICU Medical, ICU Medical Plum Solos, Class II – Internal testing found that Plum Duo pumps with software version 1.1.1 have a workflow that may result in bypassing the Maximum Dose Limit alert. The Maximum Dose Limit is set in the LifeShield Drug Library Manager (DLM) within the LifeShield Medication Management Safety Software and specifies the highest dose at which the pump can be programmed for weight or BSA (body surface area) based medication rulesets. The limit can be configured for Dose, Loading Dose, and Bolus Dose.
  • Ortho-Clinical Diagnostics, Solana Bordetella Complete Assay, Class II – It was determined that there could be a false positive rate of up to 16.7% for the affected lots associated with the Bordetella parapertussis (BPP) results (only) of the assay.
  • QUANTUM SURGICAL, EPIONE Model 30-0001, Class II – Due to a software bug the robotic arm may incorrectly guide the instrument compared to the planning defined by user.
  • Abbott Molecular, Alinity m Resp-4-Plex Amplification (AMP) Kit, Class II – There were reports of an increase in reactive negative controls and false positive results.
  • Beckman Coulter, DxC 500 AU Clinical Chemistry Analyzer, Class II – The reason for the recall is incorrect sample barcode identification and processing errors that result in the reporting of erroneous and delayed results.
  • Medtronic Neuromodulation, Arial Ser Stimulation RC Clinician Programmer Applicationver Software, Class II – There is a software issue that can permanently disable communication with an implantable neurostimulator (INS) when a specific intraoperative programming sequence is used.
  • Medtronic Neuromodulation, A820 myPTM Software Application, Class II – Product complaints were received describing the A820 myPTM app taking longer than expected for patients to interact with their implantable pump.
  • RAYSEARCH LABORATORIES, RayStation, Class II – Inconsistency in the use of Density uncertainty in the RayStation functions Robust optimization, Robust evaluation and Compute perturbed dose for proton and light ion treatment plans when a HU-to-mass density CT calibration curve is used in RayStation version 4.5 to 2024B including some service packs.
  • Jude Medical, Merlin.net Patient Care Network (PCN) Heart Failure Web Application, Class II – Due to a data migration from on-premises server to the cloud environment, some customers reported that they were not able to transmit readings.
  • Olympus Corporation of the Americas, SOLTIVE Pro SuperPulsed Laser System, Class II – Preset treatment parameters are not consistently being used in accordance with the IFU.
  • Spectrum Medical, Quantum Informatics – VIPER, Class II – Medical device software marketed without FDA clearance.

 

Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions

The FDA issued on 27 June 2025 the final guidance: Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions. This document provides the FDA’s recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk.

This guidance also clarifies the FDA’s recommendations for cyber devices under section 524B of the FD&C Act. The guidance provides the following examples of internet connectivity requiring cybersecurity:

  • Network, server, or cloud service provider connections
  • Radio-frequency communications (e.g., Wi-Fi, cellular, Bluetooth, Bluetooth low energy)
  • Magnetic inductive communications (utilizes induced magnetic fields for short-range, low-power wireless data transfer)
  • Hardware connectors capable of connecting to the internet (e.g., USB, ethernet, serial port)

Where the previous guidance referred to reasonable assurance in the context of the safety and effectiveness of the device, the new guidance is explicit that manufacturers must demonstrate a reasonable assurance of cybersecurity of their cyber device.

https://www.fda.gov/media/119933/download

 

MDCG 2025-6: Interplay between the Medical Devices Regulation (MDR) & In vitro Diagnostic Medical Devices Regulation (IVDR) and the Artificial Intelligence Act (AIA)

In June 2025 the MDCG released this document which provides a first set of answers to the most frequently asked questions related to the joint application of the Artificial Intelligence Act (AIA) and the MDR/IVDR for manufacturers. It is highly recommended reading for all who are involved in MDR/IVDR and have AI/ML in their device. For those that are not familiar with the AIA, it is an EU regulation concerning artificial intelligence establishing a common regulatory and legal framework for AI within the European Union. It is not specific for medical devices but very generic and relates to all AI applications.

 

Proposed changes to IEC 62304 Edition 2

  • Change of Scope – IEC 62304 is currently the standard for medical device software, whereas IEC 82304 relates to health software. Under the change, IEC 62304 will be the standard for all medical device and health software.
  • Risk Classification to Rigor Level – this new version of IEC 62304 replaces the three software safety classifications (Class A, Class B and Class C) with a model of two “rigor levels”. Effectively, this moves all Class B software into Class C (and all the extra requirements that come with it). While this simplifies the decision process for rigor level, this will add a large number of requirements and associated documentation for software currently under Class B.
  • Software Development Process – There are key revisions to the Software Development Plan, Software Requirements Analysis, and Software Architecture Design sections. These changes should enhance clarity and consistency in the software development lifecycle.
  • Removal of reference to ISO 13485 and ISO 14971 – This new version of IEC 62304 has removed any reference to ISO 13485 and ISO 14971 for two technical reasons:
    1. The new scope of the standard includes all health software, not just medical devices (SaMD and SiMD), and non-medical device health software is not obliged to follow ISO 13485 or ISO 14971, so they cannot be made a requirement of IEC 62304.
    2. IEC 62304 is a standard about how to design software and not how to meet general regulatory requirements. Does this mean medical device software developers can stop following ISO 13485 and ISO 14971? NO!
  • AI Health Software Development – There is only one AI-specific requirement with guidance for AI as a Medical Device (AIaMD) developers on how best to plan, assess and confirm their AI development.
  • Legacy Software – Legacy software was covered in section 4 of the standard and was overindulged. In the new version it has been moved to an Annex.
  • Maintenance vs Development – This new version of the standard makes clear the distinction between Software Maintenance and Development. This was the intent in the previous version, but it was not stated very clearly. Development includes the creation of new software as well as the introduction of new features or changes to existing software, whereas Maintenance permits the developer to use a smaller process to implement rapid changes in response to urgent problems.

When will the changes to IEC 62304 come into effect? This new draft is proposed to be released by August 2026. Assuming this will be approved, we should see it sometime around 2028-2029.

 

FDA Recognized Consensus Standards

The following are the consensus standards recognized by the FDA in this first half of 2025 for STG #13 (software/informatics):

  • FIRST CVSS v4.0, Common Vulnerability Scoring System version 4.0
  • FIRST CVSS v3.1, Common Vulnerability Scoring System version 3.1
  • AAMI TIR45:2023, Guidance on the use of AGILE practices in the development of medical device software
  • IEEE Std 11073-10425-2023, Health informatics – Device Interoperability Part 10425: Personal Health Device Communication – Device Specialization – Continuous Glucose Monitor (CGM)
  • IEEE Std 11073-10419:2023, Health informatics – Device Interoperability Part 10419: Personal health device communication – Device Specialization – Insulin Pump
  • 11073-10103 Second edition 2023, Health informatics – Point-of-care medical device communication – Part 10103: Nomenclature – Implantable device, cardiac
  • IEEE Std 11073-10406-2023, Health informatics – Device Interoperability Part 10406: Personal health device communication – Device Specialization – Basic electrocardiograph (ECG) (1- to 3-lead ECG)
  • IEEE Std 11073-10417-2023, Health informatics – Device Interoperability Part 10417: Personal health device communication – Device Specialization – Glucose Meter

 

IEC 81001-5-1: Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle

IEC 81001-5-1 is the standard for cybersecurity in medical devices. IEC 81001-5-1 is recognized as a harmonized standard under the Medical Devices Regulation (MDR). It provides guidance on cybersecurity and data protection for medical devices, aligning with MDR requirements to ensure device safety and data security.

 

MDCG 2025-4: Guidance on the safe making available of medical device software (MDSW) apps on online platforms

On 16 June 2025, the Medical Device Coordination Group (MDCG) published guidance MDCG 2025-4 on the safe making available of medical device software (MDSW) apps on online platforms. This guidance seeks to clarify the obligations of app platform providers and define their regulatory roles under the EU MDR and the IVDR as well as the DSA with respect to MDSW.

 

ISO/IEC 42001:2023 – Artificial Intelligence Management System (AIMS)

ISO/IEC 42001:2023 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. 

 

Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations

The FDA issued this draft guidance at the beginning of 2025 for comments. This guidance provides recommendations on the contents of marketing submissions for devices that include AI-enabled device software functions, including documentation and information that will support the FDA’s review.

https://www.fda.gov/media/184856/download

 

Characterization Considerations for Medical Device Software and Software-Specific Risk

The IMDRF released this technical document on 29 January 2025. The purpose of this document is to promote and inform clear and accurate characterizations of medical device software, including developing an intended use/intended purpose statement. Additionally, it aims to introduce a general strategy for characterizing software-specific risks, drawing upon the essential components of a comprehensive characterization of medical device software.

Considerations for the Use of Artificial Intelligence to Support Regulatory Decision-Making for Drug and Biological Products

The FDA issued this draft guidance at the beginning of 2025 for comments. This guidance provides recommendations to sponsors and other interested parties on the use of artificial intelligence (AI) to produce information or data intended to support regulatory decision-making regarding safety, effectiveness, or quality for drugs.

https://www.fda.gov/media/184830/download

 

Good machine learning practice for medical device development: Guiding principles

The IMDRF released this technical document on 29 January 2025. The 10 guiding principles for Good Machine Learning Practice (GMLP) presented in this document are a call to action to international standards organizations, international regulators, and other collaborative bodies to further advance GMLP.

 

Unique Device Identifier Requirements for Combination Products

The FDA issued this draft guidance in June 2025 for comments.

www.fda.gov/media/187245/download

 

How Frequently Can you Release Medical Device Software?

We have been asked numerous times by our clients: “How frequently can we release our medical-device software?” Usually, the person asking is a software engineer who has used agile in another field and is used to frequent rapid releases.

The short answer is: You can release software updates as frequently as you want as long as:

  • The changes don’t require regulatory submissions
  • You can produce all of the necessary design change documentation.

In practice, we’ve seen software development firms who can release updates as quickly as every two weeks. Usually, however, monthly or quarterly releases are more realistic.

If you need more information on this, please contact us.

Tools to Investigate

We are recommending the use of various tools in order to make the FDA/CE happy and, at the same time, improve the quality of the software. These tools include (but are definitely not limited to):

  • AI for code reviews
  • Defect management
  • Code control
  • Static code analysis
  • Dynamic code analysis
  • Unit and integration testing
  • Continuous integration
  • Penetration testing
  • Functional safety
  • SBOM

When choosing the tools, check the local support. Even though everyone offers Internet support, nothing beats having the support done locally by someone who has the experience and speaks your language. For further information concerning the tools, please feel free to contact us and we’ll refer you to the tool vendors with the tools you need.

Various tools to think about (they cost a little money but will save much more):

  • Static Code Analysis – Parasoft, Coverity, Polyspace, SonarQube, Axivion, PRQA, Klocwork, GrammaTech, LDRA, IAR C-STAT
  • SBOM – MergeBase, FOSSA, Sonatype, Insignary, Snyk
  • Defect management – Jira, Asana, Azure DevOps
  • Unit & integration testing – Cantata
  • Safe embedded operating systems – SEGGER RTOS

If you need more information on the tools and where to purchase them (with support), please contact us.

 

Summary

There are many ways to screw up your software in the medical device whether it is embedded in dedicated hardware (also known as SiMD – Software in a Medical Device) or stand-alone health software (also known as SaMD – Software as a Medical Device). It doesn’t take too much talent to do this (as we all know) and companies are doing it daily. Many companies mess up royally and don’t know how to get out of the mess. In many cases, they don’t even know that they are in deep trouble until the recall is issued.

You can work properly without breaking the bank. There are many ways to handle the software development/maintenance life cycle and the software validation.

If there are any questions or requests, please feel free to contact us.

Mike
