| | Class 2 Device Recall BD EpiCenter Single User Software |  |
| Date Initiated by Firm | October 31, 2024 |
|---|
| Date Posted | December 03, 2024 |
|---|
| Recall Status1 |
Open3, Classified |
| Recall Number | Z-0584-2025 |
|---|
| Recall Event ID |
95636 |
| Product Classification |
Calculator/data processing module, for clinical use - Product Code JQP
|
| Product | BD EpiCenter Single User Software
Version or Model: 441007
Catalog Number: 441007 |
|---|
| Code Information |
Catalog No: 441007; UDI-DI: 00382904410070; Serial Number: This software version was not serialized. Distribution quantities unable to be determined. |
Recalling Firm/
Manufacturer |
Becton Dickinson & Co.
7 Loveton Cir
Sparks MD 21152-9212
|
| For Additional Information Contact | North American Regional Complaint Center
410-316-4000 |
|---|
Manufacturer Reason
for Recall | BD confirmed that product service credentials used by some BD technical support teams to access certain BD products were accessed by an unauthorized actor. Until these product service credentials are updated, there is a risk of unauthorized access that may impact the confidentiality, integrity and/or availability of the relevant products and associated data. |
|---|
FDA Determined
Cause 2 | Software design |
|---|
| Action | On October 31, 2024 URGENT" MEDICAL DEVICE PRODUCT CORRECTION letters were sent to consignees. IT, Safety and Security Actions to be Taken:
BD encourages customers to follow best practices for maintaining strong security measures to protect hospital networks and medical devices including:
"Ensure access to potentially vulnerable devices is limited to authorized personnel
"Inform authorized users of issue, and ensure all relevant passwords are tightly controlled
"Monitor and log network traffic attempting to reach medical device managementenvironments for suspicious activity
"Where possible, isolate affected devices in a secure VLAN or behind firewalls with restrictedaccess that only permits communication with trusted hosts in other networks when needed
"Impacted devices do not require use of RDP ports and these should be disabled or blockedif enabled
"Ensure permissions on file shares are appropriately established and enforced, and monitorand log access for evidence of suspicious activity
"Disconnect devices from the network if connectivity is not necessary
Next Steps to be Taken by Customer:
1.Ensure the contents of this notification are read and understood.
2.Share and post this customer letter within your facility network including IT and safety andsecurity department. Forward to any customers to whom you may have distributed theproduct(s) to ensure awareness.
3.Complete the attached Customer Response Form and return it to the BD contact noted on theForm so that BD may acknowledge your receipt of this notification per FDA requirements.
4.Report any adverse health consequences experienced with the use of these products to BD.Events may also be reported to the FDA's MedWatch Adverse Event Reporting program via:
Web: MedWatch website at www.fda.gov/medwatch Phone: 1-800-FDA-1088 (1-800-332-1088)
Mail: MedWatch, HF-2, FDA, 5600 Fisher s Lane, Rockville, MD 20852-9787
If you require further assistance, please contact: Technical Service
+1 888 451 5514
Technical Questi |
|---|
| Quantity in Commerce | Software |
|---|
| Distribution | Worldwide distribution - US Nationwide and the countries of Algeria, Argentina, Armenia, Australia, Austria, Azerbaijan, Bahrain, Bangladesh, Belarus, Belgium, Benin, Bhutan, Bolivia, Bosnia and Herzegovina, Botswana, Brazil, Brunei, Bulgaria, Burkina Faso, Burundi, Cambodia, Cameroon, Canada, Chile, China, Colombia, Costa Rica, Cote d'Ivoire, Croatia, Cyprus, Czech Republic, Democratic Republic of the Congo, Denmark, DOM, Dominica, Dominican Republic, Ecuador, Egypt, El Salvador, Estonia, Ethiopia, Faroe Islands, Fiji, Finland, France, French Guiana, Gambia, Georgia, Germany, Ghana, Greece, Guadeloupe, Guam, Guatemala, Guinea, Guyana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Iraq, Ireland, Israel, Italy, Jamaica Japan, Jordan, Kazakhstan, Kenya, Kosovo, Kuwait, Kyrgyzstan, Laos, Latvia, Lebanon Liberia, Libyan Arab Jamahiriya, Liechtenstein, Lithuania, Luxembourg, Macau, Madagascar Malawi, Malaysia, Maldives, Mali, Malta, Martinique, Mauritania, Mauritius, Mayotte Mexico, MKD, Moldova, Mongolia, Morocco, Mozambique, Namibia, Nepal, Netherlands Antilles, New Caledonia, New Zealand, Nicaragua, Nigeria, Northern Mariana Islands, Norway, Oman, Pakistan, Panama, Papua new Guinea, Paraguay, Peru, Philippines PNG, Poland, Portugal, Puerto Rico, Qatar, Reunion, Romania, Russia, Rwanda, Saint Helena San Marino, Saudi Arabia, Senegal, Serbia, Seychelles, Sierra Leone, Singapore, Slovakia Slovenia, South Africa, South Korea, Spain, Sri Lanka, Sudan, Swaziland, Sweden, Switzerland, Syrian Arab Republic, Taiwan, Tajikistan, Tanzania, United Republic of Thailand, Timor-Leste, Tonga, Trinidad And Tobago, Tunisia, Turkey, Turkmenistan Uganda, Ukraine, United Arab Emirates, United Kingdom, Uruguay Uzbekistan, Vietnam, Yemen, Zambia, Zimbabwe. |
|---|
| Total Product Life Cycle | TPLC Device Report |
|---|
|
1 A record in this database is created when a firm initiates a correction or removal action. The record is updated if the FDA identifies a violation and classifies the action as a recall, and it is updated for a final time when the recall is terminated. Learn more about medical device recalls.
2 Per FDA policy, recall cause determinations are subject to modification up to the point of termination of the recall.
3 The manufacturer has initiated the recall and not all products have been corrected or removed. This record will be updated as the status changes.
|
|
|
|
