Dive Brief:
- Johnson & Johnson has started a Class I recall in response to the cybersecurity vulnerabilities of its automated Impella heart pump controllers.
- The Food and Drug Administration published a notice about the recall on Friday, nine days after J&J’s Abiomed unit told customers about a problem that could result in life-threatening injuries.
- No cyberattacks or harm to patients have been reported. The devices are staying on the market, with Abiomed working to disable the controllers’ network capabilities to mitigate the risks.
Dive Insight:
The FDA called the cybersecurity vulnerabilities an “unacceptable residual risk related to network and physical access.” If exploited, the vulnerabilities could result in “uncontrolled risks” affecting the device operating system, the agency said, and may affect the essential performance of the controllers. Abiomed used the same wording in its letter to customers.
J&J’s heart pump unit and the FDA both said the vulnerabilities “may potentially result in loss of device control or unexpected pump stop.” The problems could result in life-threatening injury, permanent impairment or death. While no patients have been harmed, the FDA categorized Abiomed’s action as a Class I recall because of the potential for serious injury or death.
Abiomed found the vulnerabilities through routine internal cybersecurity risk assessments. All the vulnerabilities affect the operating system within the controller and do not extend beyond the console itself. Abiomed has not identified any risks to hospital networks.
The findings led the J&J unit to tell customers to keep the affected controllers in a secure environment with restricted access, whether in clinical use or not. Field representatives for Abiomed are contacting customers to arrange to disable the devices’ network capabilities. Customers can disable the capabilities themselves if they contact J&J for instructions.
Abiomed said it is working on security updates and measures to fix the cybersecurity vulnerabilities. The company plans to provide more information when it is ready to deploy its fixes and reconnect devices to the network.
The recall affects the same five products as the early alert that the FDA published last month. The early alert covered potentially fatal purge pressure issues linked to five serious injuries. FDA officials published early alerts about other issues with the controllers in July and August.