Mislabeling Overtakes Software As Top Cause For Medical Device Recalls

Sedgwick researchers have discovered a substantial drop in the number of recalled medical device units, while cybersecurity and Software as a Medical Device (SaMD) concerns continue to grow. According to the 2023 U.S. Recall Index, recalled medical device units dropped by 27.2%, from 602.5 million in 2021 to 438.4 million in 2022. In contrast, the number of medical device recall events rose by 11.4% in 2022, from 837 in 2021 to 932.

Sedgwick reports that mislabeling was the leading cause of recall activity in 2022, with 154 events (16.9%), dethroning Software, which had held the top position for five consecutive years (2017 to 2021). Consequently, the average recall size shrank from 719.8K units in 2021 to 470.4K in 2022. This shift in recall trends prompted regulatory bodies to reevaluate existing standards and guidelines. In response, the FDA proposed a rule in February 2022 to harmonize U.S. medical device manufacturing standards with international standards. Sedgwick highlights that this change aims to streamline operations for global medical device companies while addressing concerns about the short transition timeline, particularly for smaller firms.

The increasing digital connectivity of medical devices and the associated cybersecurity risks have also attracted the FDA’s attention. Sedgwick emphasizes the FDA’s release of draft guidance on “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” in April 2022. The document offers manufacturers comprehensive guidelines for mitigating cybersecurity threats due to rapid technological advancements and the widespread use of personal and interconnected medical devices.

The Consolidated Appropriations Act, 2023 (H.R. 2617), signed in December 2022, further underscores the importance of cybersecurity. As Sedgwick points out, the Act mandates medical device manufacturers to submit plans for monitoring, identifying, and addressing post-market cybersecurity vulnerabilities and exploits. This marks the first time that express federal statutory requirements have been set for medical device manufacturers concerning cybersecurity. Sedgwick also notes the FDA’s growing focus on Software as a Medical Device (SaMD) in recent years. In 2022, about 50 recalls were related to SaMD, representing roughly 3% of all medical device recalls that year. As more devices incorporate or consist of software, an increase in recalls and notifications in this sector is expected.

Moreover, Sedgwick’s data shows that in January 2023, there were 135 recalls for medical devices, a significant jump from the monthly average of 80 in Q4 2022. The number of units also increased, with 69.88 million units recalled in January compared to the monthly average of 20.66 million in the last quarter of 2022, representing a 238.2% increase. Manufacturing defects were the most common reason cited by the FDA for medical device recalls in January 2023, accounting for 47 events or roughly 34.8% of the total.

As the landscape of medical device recalls evolves, Sedgwick suggests that companies, distributors, and suppliers should brace themselves for heightened FDA oversight, particularly regarding SaMD. Companies must ensure that their recall plans and protocols include proper notification and redress for consumers, as the FDA will continue using its enforcement power to protect public health. The growing interconnectedness of medical devices necessitates that the industry prioritize cybersecurity to maintain consumer trust and ensure patient safety.