The Class I recall of Baxter’s Life2000 ventilators reflects growing scrutiny of software-related risks, according to a former FDA reviewer.
By Alyx Arnett
A cybersecurity vulnerability that prompted Baxter to recall certain Life2000 ventilators is being seen by some industry experts as part of a broader shift in how the US Food and Drug Administration (FDA) treats software-related risks.
While cybersecurity was once viewed as a design best practice, this Class I recall—FDA’s most serious classification—adds to a growing list of cases where software flaws are treated on par with traditional safety issues.
The recall, initiated by Baxter on April 7, 2025, affects 4,881 Life2000 ventilators and compressors distributed worldwide. The company began notifying healthcare providers, patients, and distributors via mail, requesting the devices be located, removed from use, and returned. According to the FDA recall, the cybersecurity vulnerability was discovered through internal testing and classified by the agency as “software in the use environment.”
Cybersecurity Takes Center Stage in Device Safety
Naomi Schwartz, vice president at Medcrypt and a former FDA reviewer, says the Life2000 case fits into a broader trend of treating cybersecurity and other software-driven risks as central to patient safety rather than separate technical concerns.
“FDA is increasingly recognizing that software risks, including cybersecurity and AI algorithm drift, can have real clinical impact,” she says. “We’re seeing a shift where vulnerabilities in software systems, whether due to poor encryption or hardcoded passwords, are being treated with the same urgency as traditional mechanical defects.”
As Schwartz put it, “Cybersecurity is no longer a ‘nice to have’; it’s integral to patient safety, and it’s expected that manufacturers treat cybersecurity in accordance with other design principles that are ‘state of the art.’ Devices transmitting sensitive information in plain text or storing hardcoded passwords are both outdated and dangerous.”
She says the FDA now expects manufacturers to build with secure-by-design principles and evaluate software bills of materials (SBOMs) routinely for supply chain risks. “That shift means HTM teams need to scrutinize security posture the same way they’d review clinical performance. It’s not just about features anymore; it’s about resilience and preparedness for postmarket risk,” she says.
So what can HTM professionals do? “HTM professionals need to treat cybersecurity signals the same way they treat clinical safety signals,” Schwartz says. “That means asking vendors for SBOMs, assessing whether devices support over-the-air updates, and confirming encryption is used for sensitive data.”
She also advises tracking the FDA’s recall database using terms like “cybersecurity” to identify trends and vulnerable devices, and working with an Information Sharing and Analysis Center or Information Sharing and Analysis Organization to stay aware of trends that others in the same infrastructure group have identified.
“And above all, they should prioritize working with vendors that demonstrate transparency, responsible disclosure, and a commitment to secure product development,” she says. “The industry is moving toward a posture where trust must be earned and maintained.”