Software in Medical Devices – Update for Q3/Q4 2024

• Baxter Healthcare Corporation, Welch Allyn Life2000 Ventilation System, Class I – The Life2000 ventilator may fail to initiate the Low Gas Pressure alarm if the pressure gas source (Life2000 compressor, oxygen cylinder or wall source) is not supplied to the ventilator before initiating therapy.
• Securitas Healthcare, Arial Server Software, Class I – Certain software versions will not notify end users of calls initiated by call points with the Arial Emergency and Nurse Call System.
• Nova Biomedical Corporation, StatStrip Glucose Hospital Meter System, Class I – A software bug within the Gen 2 StatStrip Hospital Meter firmware leads to transmission of erroneous glucose patient test results to a healthcare institution’s data management system (DMS) at healthcare sites using WiFi if a user navigates to the Review Results screen while the meter is in the process of transmitting the current glucose test result to the DMS. The risk of this software defect is erroneously high or low glucose results being documented in a patient’s medical record, which may lead to incorrect treatment.
• Fresenius Kabi USA, Ivenix Infusion System (IIS), Class I – The software has anomalies that have the potential to cause alarms, nonfunctioning pump, or unresponsive screen while continuing therapy. These could cause serious patient harm or death.
• Datascope, Cardiosave Rescue Intra-Aortic Balloon Pump, Class I – Firm has developed a software correction (Revision D.01) for outside the US to mitigate product problems that pose a risk of hemodynamic instability and failure of transmission of clinical data in Cardiosave Hybrid and Cardiosave Rescue Intra-Aortic Balloon Pump devices.
• Braemar Manufacturing, Monitoring Service Application, Class I – Not all Electrocardiogram (ECG) events received July 2022-July 2024 were not properly routed and subsequently reviewed due to an analysis step being disabled with the monitoring service application software.
• Securitas Healthcare, Arial Server Software, Class II – Certain software versions will not notify end users of calls initiated by call points with the Arial Emergency and Nurse Call System.
• Shimadzu Corporation Medical Systems Division, Trinias unity, Digital Angiography System with Catheterization Table, Class II – If digital angiography system is used with a specific catheterization table and the operator directs simultaneous movement of the table and the C-arm using direct memory, then direct memory button is released, the table may continue to move, which the operator can stop by pressing the stop button.
• GE Healthcare, Centricity Universal Viewer Zero Footprint Client, Class II – Footprint Client (ZFP) versions v6.0 SP9.x and SP10.x where the latest addended report is not shown by default to the user. The issue occurs when the addendum is created on the same day as the original report but at a different time, and only when launched on the following browsers: Internet Explorer 10, Internet Explorer 11 and Firefox.
• Ortho-Clinical Diagnostics, VITROS Immunodiagnostic, Class II – It was confirmed that fibrinogen in patient plasma samples precipitates out of solution upon the addition of folate stabilizer reagent as part of the pre-treatment process causing the increase in “TM5-4MB” condition codes which lead to a delay of results.
• Echonous, Kosmos on iOS impacting iOS, Class II – Ultrasound system has a bug in affected iOS software, which after DICOM export, can cause inaccuracy in postprocessed measurements done in 3rd party software, such as PACS or other post-processing software, which may lead to inaccurate diagnoses or treatment.
• 3M Company – Health Care Business, Clarity Precision Grip Attachments, Class II – Attachments may not mate with the tooth as intended in the digital treatment design.
• LivaNova Deutschland, Essenz HLM, Class II – Heart-Lung Machine GUI touchscreen may go dark for 10-15 seconds, safety/performance functions remain operational before reset, control maintained through backup control panel, but second reset may occur, may lead to gas blender standby, then gas blender must be reactivated using user interface on blender, sensors deactivated until new case started; GUI reset can lead to Hypoxia and Hypoperfusion.
• Shimadzu Corporation Medical Systems Division, SONIALVISION G4 is a multi-purpose X-ray R/F system, Class II – X-ray R/F system software with certain versions of the control board may occasionally fail to display images when switching from Fluoroscopy mode to Radiography mode, which may lead to the possibility of delay or cancellation of the examination.
• Becton, Dickinson and Company, FACSDuet Premium Sample Preparation System, Class II – Sample preparation system with software may cause: 1) Multidispense feature enabled with 2-tube assay: Specimen volume dispensed into tube1 at least 3% higher than volume in tube2, or 2) Absolute counts calculated using Trucount Tubes: increased volume in tube1 may result in 20% higher absolute counts in tube 1 than tube 2; could result in additional blood collection, delayed results/patient therapy.
• Fisher & Paykel Healthcare, PT301US Airvo 3 Respiratory Support Device, Class II – Due to a software issue, affected devices that are set up with High Pressure Oxygen (HPO), if the flow alignment alarm occurs, the device will deliver room air only. If this happens, a patient my experience oxygen desaturation that could lead to hypoxia.
• Medtronic Neuromodulation, Medtronic Handset with Communicator, Class II – A subset of the handsets within the kit may not be able to complete the pairing process with the communicator upon initial setup.
• CareFusion 303, MedStation ES, Class II – If automated dispensing cabinets have specific software versions, and Component Manager was configured to “installed mode”, and software patch KB 5033688 was installed in the production environment, then this will lead to an error that prevents the user from accessing the dispensing software application, which may delay accessing medication.
• Mint Medical, mint Lesion, Class II – Some software versions have a malfunction where they may show incorrect orientation labels for a specific subset of DICOM images.
• Siemens Healthcare Diagnostics, epoch NXS Host, Class II – Siemens Healthcare Diagnostics is recalling their epoch Blood Analysis System because of a software malfunction that occurs when specific criteria are met that can result in the incorrect patient name being assigned to a blood measurement by the device if the user of the device does not ensure verification of the correct patient name. The software malfunction has the potential to impact patient safety via misdiagnosis and/or mistreatment by a clinician if the wrong patient information is saved with the test result from the subject device.
• Micro-X, MICRO-X Rover Mobile X-ray System, Class II – Shots were terminated by the mAs integrator; however, the 4 ms exposure time did not allow enough tolerance to achieve diagnostic exposures due to variations in hardware and how different timers are started.
• CareFusion 303, BD Pyxis MedStation ES 7 Drawer Auxiliary Tower, Class II – Due to a software issue, automated dispensing cabinet devices may open the wrong cubie pocket or position, which can lead to: 1) Unintended and incorrect medication removal, or 2) Potential for a different medication (medication pulled in error) to be refilled/loaded, which may lead to may lead to low inventory or a stockout.
• Siemens Healthcare Diagnostics, Atellica CI Analyzer, Class II – Potential that the IMT Diluent volume remaining (% remaining) does not decrease as expected on the Atellica CI Analyzer, potentially leading to the IMT Diluent being empty while still displaying that volume is remaining. In this case Sodium (Na), Potassium (K) and Chloride (Cl) test results may be falsely elevated. Quality Control materials demonstrate the same behavior.
• Becton Dickinson & Co, BACTEC 9240 System, Class II – BD confirmed that product service credentials used by some BD technical support teams to access certain BD products were accessed by an unauthorized actor. Until these product service credentials are updated, there is a risk of unauthorized access that may impact the confidentiality, integrity and/or availability of the relevant products and associated data.
• Philips Medical Systems Technologies, Vue PACS Diagnostic Viewer with Vue PACS client, Class II – A software issue affecting Philips Vue PACS may cause incorrect ischemic map and table value calculations when using the export function in the Perfusion Application for a Siemens CT perfusion study, resulting in misdiagnosis due to incorrect ischemic map and table values.
• Topcon Medical Systems, IMAGEnet 6 Ophthalmic Data System, Class II – The overlay of visual field test locations on a probability map, as presented in IMAGEnet 6 in the so-called “Hood Report”, is not appropriate as it can imply a structure/function correlation for which clinical evidence is not provided.
• Baxter Healthcare Corporation, Hillrom Welch Allyn Q-Stress Cardiac Stress Testing System, Class II – There is the potential for exam files being assigned duplicate Unique Identifiers (UIDs). If the system receiving the DICOM file (e.g., Picture Archiving and Communication System (PACS)) relies solely on the UID to accept exams, this could lead to a mismatch of the patients identification with their physiological data.
• Canon Medical System, Cartesion Prime Digital PET-CT, Class II – When PET-CT system is executing reconstruction, if PET acquisition for another patient is performed (or PET reconstruction for another patient is performed from raw data processing), PET reconstruction control processing may hang up and PET reconstruction may stop as a result, which may necessitate repeat PET/CT examinations.
• Medtronic Navigation, StealthStation S8, Class II – Due to two software anomalies that can occur within a spine procedure. Two issues are: 1. Navigation Orientation – when lateral orientation radiographic images are taken, information may appear flipped when utilizing the system (180 degree flipped). 2. Pop-up Message – when using CT+Fluouroscopy images with a slice spacing thickness greater than 2mm, the system does not display a pop-up message indicating the slice spacing is not optimal.
• Agfa Healthcare, Enterprise Imaging XERO Viewer, Class II – Software defect, when an image has non-square pixel spacing, the reference/localizer line is incorrectly placed on the scout image in the XERO Viewet, may display the incorrect crosshair/line position on the non-coplanar/scout image with respect to the axial slice location. Inaccurate placement of reference lines or crosshairs have potential risk of misdiagnosis or mistreatment due to unintended shifts in the display of anatomical locations.
• Philips North America, Patient Information Center iX, Class II – During extended operation of the MX40 with the PIC iX, the DHCP (Dynamic Host Configuration Protocol) lease can expire on the MX40. If the DHCP lease expires while the device is offline, upon reconnecting with the PIC iX, a new IP address will be assigned to the MX40. The PIC iX will not recognize the new IP address after reconnecting and therefore the expecting settings sync fails.
• Beckman Coulter, Dxl 9000 Access Immunoassay Analyzer, Class II – When the DxI 9000 Access Immunoassay Analyzer with system software version 1.16.2 and prior is configured to automatically request a calibration order, the instrument can process the order with expired calibrator material. If the calibration curve is generated with an expired calibration material lot, this may lead to a hazardous situation of erroneously high or low patient results reported to the physicians.
• BioFire Diagnostics, FILMARRAY Gastrointestinal (GI) Panel, Class II – The firm has identified an increased risk of obtaining false positive Cryptosporidium results from customers using the BIOFIRE FILMARRAY Gastrointestinal (GI) Panel.
• Hologic, Selenia Dimensions/ 3Dimensions-Digital breast tomosynthesis, Class II – Identified an issue with Selenia Dimensions 1.12.0 and 3Dimensions 2.3.0 system software when used in combination with C-View software in which the quality of the final C-View synthesized 2D image is impacted and may appear blurry and result in misdiagnosis with the possibility being a false negative diagnosis.
• Siemens Medical Solutions USA, ACUSON Maple 1.0 Diagnostic Ultrasound System, Class II – If ultrasound systems with software, are changed from factory default to : 1) Milliliters per second (ml/sec, mL/sec) or 2) Milliliters per minute (ml/min, mL/min); then systems will perform incorrect unit conversion of liters to milliliters using multiplier 100 instead of 1000, resulting values 10x smaller than actual, which could contribute misdiagnosis or negatively influence patient management.
• Hitachi America, PROBEAT, Class II – During positioning within the system’s 3D to 3D matching mode while transferring CBCT images, when the Float Image Selection button is pressed, it may display CBCT images that are insufficient in number.
• CareFusion 303, BD Pyxis QFill Replenishment Station, Class II – Due to software issue, there is a potential when a restock label is printed for a medication stored in a non-CUBIE location, the incorrect bin for the medication is printed on the label.
• Schiller, CARDIOVIT AT-180, Class II – Potential for high-frequency signal artifacts is recorded during an ECG acquisition performed by CARDIOVIT AT-180 electrocardiographs.
• Beckman Coulter, DxI 9000 Access Immunoassay Analyzer, Class II – When a DxI 9000 Access Immunoassay Analyzer is connected to a Laboratory Automation System (LAS) and is running with the system software versions 1.17.0 and below, the analyzer does not send a message to the LAS when the sample wheel is full, and the LAS continues sending samples despite the limited capacity to process new samples. Therefore, sample tests may be aliquoted but not processed when the number of tests associated with onboard patient samples exceeds the throughput limit. If this issue occurs test results are flagged with a sample wheel timeout (SWT) error flag, and there may be a delay in reporting test results which could lead to a delay in patient treatment.
• Beckman Coulter Mishima K.K., DxC 500 AU Clinical Chemistry Analyzer, Class II – Due to a software issues, after the instrument processes 250 racks cumulatively, any subsequent racks with samples requiring rerun/reflex will be held in the Sample Handler’s Buffer area and error code “9000” will be reported. This issue may cause a delay of results.
• Abbott Laboratories, Alinity hq Analyzer, Class II – 1) If Complete Blood Count with differential and reticulocyte(CBC+Diff+Retic) sample is run, then immediately following on same rack CBC+Diff sample is run, then falsely low red blood cell count may occur, generating falsely high Mean Cell Hemoglobin(MCH)/MCHC and falsely low hematocrit results. 2) Cell events may be incorrectly counted as basophil(BASO), resulting in increased BASO and %BASO counts.
• Boston Scientific Neuromodulation, WAVEWRITER ALPHA: Model: SC-1216, Class II – Spinal Cord Stimulation (SCS) Implantable Pulse Generator (IPG) may experience routine system check during IPG charging, which may cause device reset, which may lead to transient loss of stimulation; patients may experience undesired sensations when therapy turns off for approx. 10-15 seconds and then back on, which may lead patient to request surgical intervention for replacement or revision.
• Philips North America, IntelliVue Patient Monitor MX400, Class II – Philips lntelliVue Patient Monitors MX400/450/500/550 Shipped or Upgraded with Incorrect Software Options. Changes were made to reflect some options becoming standard capabilities for software-version N.x. In the process, the entitlements of software options MOS, M06, and M20 were removed for software versions L.x and M.x. As a result of these changes Patient Monitors manufactured with or updated to the latest versions of software L.x or M.x will not offer the capabilities> Mmonitors with software version K.x may experience this issue too, due to software version K being out of support and the devices being provided with L.x entitlements offered by software options MOS, M06, and M20. Potential for incorrect or delayed treatment for the patient.
• Medivance, Arctic Sun Temperature Management Systems, Class II – If temperature management system fails to reach correct target water temperature while device is operating in patient control mode, due to sudden patient temperature changes/interruption in water flow/blockage of air flow by an obstruction or dirty filter, then system may not alert, and alarm absence may lead to hypothermia or hyperthermia, so a software update will be released to correct issue.
• Siemens Medical Solutions USA, Sensis Vibe systems, Class II – If the Sensis documentation functionality is used during adding of once-per-study reporting events (e.g., Type 1 events, as further defined in the administrator manual), the possibility exists that the application could crash.
• Alcon Research, Surgical Image Guidance Functionality, Class II – After surgery initiation, while using surgical image guidance, if significant eye rotation/movement occurs, a software anomaly may cause re-establishment of incorrect new registration angle, range indicator will display incorrectly, which could result in incorrect placement of toric IOL axis, which could cause astigmatic error under/over correction resulting in decreased uncorrected visual acuity.
• Qiagen Sciences, QIAcube Connect MDx, Class II – Heater shaker module does not perform heating if the temperature is set below 40C for static incubation steps when running IVD protocol QIAamp DSP DNA Mini Kit (cat. no. 61304), Protocol: Isolation of genomic DNA from Gram-positive bacteria (Script filename: Kt_name_Bacteria (Gram+) or rY’east_Enzymatic Lysis_ V2) which could potentially cause delayed or erroneous results depending on the downstream assay.
• Abbott Medical, Abbott Liberta RC, Class II – Deep brain stimulation system will first turn off after approximately 50 days after the system is activated and subsequently, this same action will recur approximately every 50 days thereafter. This unexpected loss of stimulation may result in loss of therapy.
• Beckman Coulter, DxI 9000 Access Immunoassay Analyzer, Class II – Beckman Coulter is recalling their DxI 9000 Access Immunoassay Analyzers, an in vitro diagnostic device used for the quantitative, semi-quantitative, or qualitative determination of various analyte concentrations found in human body fluids, by correction. The reason for the recall is: Beckman Coulter has determined that the DxI 9000 Access Immunoassay analyzer accepts calibrator values scanned from multiple calibrator cards when an operator configures a new calibrator lot. The analyzer accepts the calibrator lot values from any scanned calibrator card, regardless of the assay test code or calibrator material lot number. The software is not validating the integrity of each calibrator barcode scanned to ensure they are all from the same calibrator card. This includes all software versions and all DxI 9000 instruments that are currently in the field. This issue does not impact calibrator material with 2D calibrator card barcodes. This may cause a failed calibration curve. The health risk to patients is dependent upon the analytes that could be impacted by the error, to include receiving delayed or erroneous results.
• Siemens AG/Siemens Healthcare, ARTIS, Class II – A potential issue with ARTIS icono systems equipped with a small detector and a corresponding collimator (model # 10843101) was identified. In very rare situations, the first x-ray release following patient registration may be performed with incorrect copper prefiltration. If the described issue occurs, the applied radiation dose rate may be higher than intended by the user.
• Aerin Medical, Aerin Medical VivAer Stylus, Class II – Some units in a single production lot were programmed incorrectly which will result in the VivAer Stylus being incorrectly recognized as RhinAer Stylus when connected to the Aerin Console.
• Medtronic Neuromodulation, SynchroMed II Model 8637 and SynchroMed III Model 8667 implantable pumps, Class II – Software issues were identified in application version 2.x.
• Angiodynamics, AURYON LASER SYSTEM, Class II – Potential for procedural delays or interruptions during use of the Auryon Atherectomy System due to the Auryon Atherectomy System not advancing to the Activation (Ready) mode.
• Abbott Medical, Merlin PCS 3650 programmer, Class II – Due to a programmer software anomaly, during finalizing of the leadless pacemaker system, a specific sequence of programmer actions combined with a loss of telemetry during a small window (<2 seconds) may cause the finalization step to fail. If this occurs, the Programmer displays a loss of telemetry detected window, and there is no pacing.
• Philips North America, Philips Smart-Hopping, Class II – The following four issues are included: 1. Certain Channel Settings may result in an Access Point preventing a connected client device from roaming to another Access Point potentially causing the client device to appear to drop out from the network. 2. if the Access Point experiences a disconnection from the Access Point Controller exceeding 4 minutes, the Access Point may not transition through the desired state to all for clean reconnection of the client radio link. 3. Potential to experience higher than expected data dropouts, device disassociations/reassociations for their wireless clients, and frequent “Loss of AP” alerts. 4. Potential for the Smart-hopping Access Point is affected by a software issue where the Access Point will resent after 82.85 days when the frame counter reaches its limit. This causes the latest synchronization check to fail and potential for loss of patient data.
• Philips North America, Spectral CT and Spectral CT Plus, Class II – Potential for a plan box not updated issue during Interventional procedure with Spectral CT that may lead to a collision with the operator or with the needle placed inside the patient, and an incorrect patient ID software issue that may lead to misdiagnosis.
• CHANGE HEALTHCARE CANADA, McKesson Cardiology Hemo, Class II – A potential issue has been identified in Change Healthcare Cardiology Hemo where incorrect data entry can lead to inaccurate hemodynamic calculations, potentially resulting in misdiagnosis and inappropriate treatment. This issue occurs when the unit of measurement (UOM) for hemoglobin is configured in a way that differs from the users understanding.
• Zyno Medical, Z-800 Infusion System, Class III – For the Z-800WF pumps, the WiFi software was not compatible with the pump software that had been loaded in accordance with ongoing correction Z-1183-2024.
• Abbott Medical, Merlin@home with the MerlinOnDemand capability Transmitter, Class III – Due to heart transmitter not being able to upgrade to the current software version in the field after experiencing a power interruption during a prior over-the-wire software download.

• Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Guidance for Industry and Food and Drug Administration Staff
• Laboratory Developed Tests: Enforcement Discretion Policy Regarding Special Controls
• Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence-Enabled Device Software Functions
• Use of Real-World Evidence to Support Regulatory Decision-Making for Medical Devices (revision)

• Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management Considerations and Pre-market Submission Recommendations
• Enforcement Discretion Policy for Certain Laboratory Developed Tests for Unmet Needs: Frequently Asked Question

• Computer Software Assurance for Production and Quality System Software
• Draft Guidance Topics
• Policy for Regulatory Status of Device Software Functions (revision of Policy for Device Software Functions and Mobile Medical Applications)

• CVSS v4.0, Common Vulnerability Scoring System version 4.0
• ISO/IEEE 11073-10701 First Edition, Health informatics – Device interoperability Part 10701: Point-of-care medical device communication – Metric provisioning by participants in a Service-oriented Device Connectivity (SDC) system
• ISO/IEEE 11073-10701-2022, IEEE Standard for Health Informatics – Device Interoperability – Part 10701: Point-of-Care Medical Device Communication – Metric Provisioning by Participants in a Service-Oriented Device Connectivity (SDC) System
• NEMA, PS 3.1 – 3.20 2024e, Digital Imaging and Communications in Medicine (DICOM) Set

1. Provide threat modeling using a threat modeling methodology
2. Provide a cybersecurity risk assessment (i.e., CVSS, IEEE 11073-40101-2020, NIST SP 800-30)
3. How the device detects, monitors, logs, and/or alerts users of security compromise
4. Provide a reasonable assurance that the device and related systems are cybersecure
5. Describe the end-to-end process for delivering updates to the device
6. Describe the end-to-end process for deploying updates from the cloud environment including any risks identified and mitigations implemented
7. Provide a SBOM
8. Provide security testing, including, but may not be limited to, requirement verification testing, static and dynamic code analysis, malformed input (fuzz) testing, vulnerability scanning, and penetration testing
9. Provide a plan to monitor, identify, and address, as appropriate, in a reasonable time, post market cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures
10. Provide cybersecurity labeling for the user

1. The changes don’t require regulatory submissions
2. You can produce all of the necessary design change documentation.

In practice, we’ve seen software development firms who can release updates as quickly as every two weeks. Usually, however, monthly or quarterly releases are more realistic.

• Defect management
• Code control
• Static code analysis
• Dynamic code analysis
• Unit and integration testing
• Continuous integration
• Penetration testing
• Functional safety
• SBOM

• Static Code Analysis – Parasoft, Coverity, Polyspace, SonarQube, Axivion, PQRA, Klocwork, Grammatech, LDRA, IAR C-STAT
• SBOM – MergeBase, FOSSA, Sonatype, Insignary, Snyk
• Defect management – Jira, Asana, Azure DevOps
• Unit & integration testing – Cantata
• Safe embedded operating systems – Seggar RTOS