|
Class 2 Device Recall The Infinity Acute Care System and Infinity M540 Patient Monitor |
|
Date Initiated by Firm |
September 13, 2019 |
Date Posted |
October 31, 2019 |
Recall Status1 |
Open3, Classified |
Recall Number |
Z-0258-2020 |
Recall Event ID |
83889 |
510(K)Number |
K113798 K093788
|
Product Classification |
Monitor, physiological, patient(with arrhythmia detection or alarms) - Product Code MHX
|
Product |
The Infinity Acute Care System (IACS) Monitoring Solution with the Standalone Infinity M540 patient monitor. Model nos. MS25510, MS25520, MS26372. |
Code Information |
Software version VG4.1.1/VG4.0.3 and lower |
Recalling Firm/ Manufacturer |
Draegar Medical Systems, Inc. 6 Tech Dr Andover MA 01810-2434
|
For Additional Information Contact |
Mike Kelhart 215-660-2349
|
Manufacturer Reason for Recall |
Cybersecurity vulnerabilities may cause device to reboot, lose alarm functionality, and/or lose communication with cockpit and/or the Infinity Network.
|
FDA Determined Cause 2 |
Software design |
Action |
On September 13, 2019, the firm distributed Urgent Medical Device Recall letters to customers. Customers were informed of the cybersecurity vulnerabilities, which can include Distributed Denial of Service (DDOS) (packet storm), Spoofing, and Tampering.
To mitigate the cybersecurity concerns, Draeger will be releasing software version VG4.2 for both the Cockpit and the M540, which will correct these cybersecurity vulnerabilities. The software is expected to be released for distribution in December 2019. Upgrades of the IACS systems will commence in January 2020.
While the firm is in the process of updating the software, customers are asked to limit access to the Infinity Network by following these security recommendations:
1. Physical security of the patient monitors is recommended and is the responsibility of the
operating organization.
2. Physical security of the telecommunications closet is recommended and is the responsibility
of the operating organization.
3. Draeger recommends that operating organizations restrict physical access to unused Ethernet
ports on the IACS.
4. Draeger recommends that operating organizations restrict physical access to unused USB and
serial ports on the IACS.
5. Draeger relies on the medical device isolation mechanism of the VLANs and the proper
configuration, implementation, and use of the operating organization's security measures to
prevent the introduction of malware onto the Infinity Network.
Your local Draeger Service Representative will contact you to schedule an appointment to upgrade your system(s) software free of charge once the new software version is released for distribution.
If you have any questions regarding this letter, please contact Michael Kelhart between the hours of
8:00 AM - 4:30 PM EST at 1-800-437-2437 (press 1 at the prompt, then 32349). |
Quantity in Commerce |
5634 |
Distribution |
US Nationwide distribution. |
Total Product Life Cycle |
TPLC Device Report
|
|
1 A record in this database is created when a firm initiates a correction or removal action. The record is updated if the FDA identifies a violation and classifies the action as a recall, and it is updated for a final time when the recall is terminated. Learn more about medical device recalls.
2 Per FDA policy, recall cause determinations are subject to modification up to the point of termination of the recall.
3 The manufacturer has initiated the recall and not all products have been corrected or removed. This record will be updated as the status changes.
|
510(K) Database |
510(K)s with Product Code = MHX and Original Applicant = Draeger Medical Systems, Inc.
|
|
|
|