FDA Issues Class I Recall of Abiomed’s Impella Controller Due to Cybersecurity Risk
A Digital Threat With Real-World Consequences for Heart Patients
The U.S. Food and Drug Administration (FDA) has announced a Class I recall — its most serious category — involving Abiomed’s Automated Impella Controller (AIC) due to cybersecurity vulnerabilities that could allow a malicious actor or unauthorized user to interfere with the life-sustaining device.
While this recall involves a software correction rather than the physical removal of devices, the potential impact is alarming. The FDA warns that continued use of the AIC without correction could cause serious injury or death.
What Devices Are Affected
The recall covers multiple versions of the Automated Impella Controller, including:
- Impella Controller (0042-0000-US)
- Impella Optical Controller (0042-0010-US)
- Optical AIC Impella Connect (0042-0040-US)
- AIC with Impella Connect for ECP (1000432)
- Double Optical AIC Impella Connect (1000201)
Every serial number of these models is affected, meaning that all Impella Controllers in use or storage must undergo cybersecurity correction.
The Nature of the Risk
According to the FDA, Abiomed identified cybersecurity vulnerabilities that pose “unacceptable residual risk” related to both network and physical access to the Impella Controller system.
If these vulnerabilities were exploited, the essential performance of the device could be compromised, potentially causing:
Such outcomes could result in life-threatening injury, permanent impairment, or death.
To date, no cyberattacks or patient harm have been reported in connection with this issue. However, as medical devices become increasingly network-connected, the FDA and patient safety advocates warn that cybersecurity threats to implanted or digitally monitored devices are no longer theoretical.
What Abiomed and the FDA Are Doing
On October 1, 2025, Abiomed notified healthcare providers and hospitals of the issue. The company emphasized that the devices are not being recalled or removed from hospitals, but must be secured and disconnected from network access until a cybersecurity patch can be deployed.
The company’s recommendations include:
- Keeping each controller in a secure environment with restricted access
- Disabling the AIC’s network connection (which does not affect its clinical use)
- Waiting for further instructions from Abiomed’s field representatives or contacting the company directly to begin the process
- Reporting any suspected cybersecurity event to the Johnson & Johnson Product Security portal
Abiomed — now owned by Johnson & Johnson — stated that it is developing security updates to address the vulnerability and will provide additional information once they are ready for deployment.
Why This Matters: When Life-Saving Devices Become Cyber Targets
The Impella system is not an optional or routine medical device. It provides mechanical circulatory support for critically ill patients — often those recovering from cardiac arrest, heart attacks, or complex surgical procedures. The Automated Impella Controller is the central control hub for this life-sustaining therapy.
That’s what makes this recall especially concerning.
A loss of control, whether caused by a malfunction or a digital breach, can have immediate and catastrophic consequences.
In recent years, the FDA has issued growing numbers of cybersecurity-related medical device recalls, from infusion pumps to cardiac monitors. Each one underscores the same issue: the healthcare system’s dependence on connected devices creates new vectors of risk.
Hospitals, device manufacturers, and regulators all share responsibility for ensuring that cybersecurity safeguards are built in — not added as an afterthought.
KBD Has Been Warning Patients About Impella
What Patients and Hospitals Should Do
For hospitals and care facilities currently using Abiomed’s Impella devices:
- Confirm whether your facility received Abiomed’s field correction notice dated October 1, 2025.
- Ensure that each Impella Controller has been disconnected from any network.
- Restrict physical access to the controllers, whether in use or storage.
- Do not delay reporting any suspected cybersecurity event or unusual device behavior.
For patients and families:
If you or your loved one recently received Impella therapy, there is no need for panic — but there is reason for vigilance. You can:
- Ask your cardiologist or hospital whether your treatment involved an affected controller
- Request written confirmation that the device was corrected or secured
- Report any concerning symptoms or device alarms immediately
Legal and Regulatory Accountability
The FDA’s classification of this as a Class I recall signals that the issue presents the highest potential for harm. Even without reported injuries, manufacturers must ensure that patients are never placed at preventable risk — digital or otherwise.
If future incidents reveal that network vulnerabilities contributed to patient harm, liability could extend beyond the manufacturer, potentially involving:
- Device distributors and hospital systems that failed to secure affected units
- Software vendors or third-party network integrators
- Regulatory entities if oversight was insufficient
Ketterer, Browne & Davani (KBD Attorneys) monitors FDA recalls involving critical medical and life-support devices, particularly where cybersecurity, design flaws, or negligent oversight intersect with patient safety.
Our firm has long advocated for stronger protections for patients who rely on complex medical technology — and for holding companies accountable when they fail to safeguard those devices.
Protecting Patients in a Connected Healthcare Era
The Impella recall illustrates a broader truth: the more connected our medical technology becomes, the greater the need for vigilance, transparency, and legal accountability.
Software bugs and cyber threats can now carry the same lethal potential as a defective implant or contaminated drug batch.
KBD Attorneys will continue to follow developments in the Impella Controller correction and other medical device recalls impacting patient safety.
For more information on all heart-related devices, visit our dedicated page.
If you or a loved one suffered complications related to a recalled or defective medical device, you may have legal options.
Contact Ketterer, Browne & Davani, LLC for a free consultation.
We represent patients nationwide harmed by unsafe or improperly monitored medical products.