The U.S. Food and Drug Administration (FDA) has announced the most serious type of market recall (Class I) for Impella heart pump controllers manufactured by a company owned by Johnson & Johnson, citing discovered cybersecurity flaws.
When it comes to advanced medical devices implanted inside the human body, safety and reliability are absolutely critical. Unfortunately, in the case of Impella heart pump controllers — produced by Abiomed, a subsidiary of Johnson & Johnson — security vulnerabilities have been found that could potentially lead to life-threatening situations.
As a result, the FDA has issued a Class I recall, the agency’s most severe level of product recall. According to the FDA, the discovered vulnerabilities could, in extreme cases, cause a loss of control over the pump’s operation or even trigger a sudden and unplanned shutdown, posing a direct risk to patients’ lives and health.
The recall in this case is a corrective action, not a complete market withdrawal. The manufacturer has advised medical facilities not to connect the devices to computer networks and to temporarily disable their network communication functions until the company releases security updates. Once these software patches are applied, the devices will be safe to reconnect to hospital networks.
Fortunately, no incidents of hacking, data loss, or patient harm have been reported so far. The recall applies to the same five controller models previously flagged in an earlier FDA warning — that time due to technical issues related to power and pressure system components.
This incident serves as a reminder that as more medical devices become connected to networks or begin to integrate AI-driven functionality, cybersecurity must remain a top priority. No one wants to imagine a scenario where a pacemaker is remotely disabled during sleep, or where hospital infrastructure is compromised through malicious software installed by hackers.
It’s worth noting that this isn’t the first time the FDA has had to take action. In 2019, Medtronic announced a recall of some of its insulin pump models (such as the MiniMed 508) because of a cybersecurity risk. The issue was a lack of sufficient access control in the wireless communication between the pump and other devices. This vulnerability could have allowed an unauthorized person to remotely control the pump or change its settings, putting users at unnecessary risk. The manufacturer was required to offer users alternative pump models with enhanced security features.
In January 2025, the FDA issued a Safety Communication for Contec CMS8000 and Epsimed MN-120 patient monitors due to security vulnerabilities. These flaws could have allowed remote access, device manipulation, and the leakage of personal and medical data. In response, the manufacturers developed software patches. Instead of ordering a recall, the FDA recommended that users disconnect the devices from the internet and perform a software update.