
Firmware Wall of Shame: Welch Allyn Defibrillator Recall

Tuesday, March 17th, 2009 by Michael Barr

The FDA has just announced a Class I (the most serious human risk category) recall of the Welch Allyn AED 10 automatic external defibrillator.

Among the reasons for the recall are the following problems, which are either caused by embedded software bugs or are hardware problems that can be fixed entirely through a firmware upgrade:

  • “Units serviced in 2007 and upgraded with software version 02.06.00 have a remote possibility of shut down during use in cold environmental conditions. There are no known injuries or deaths associated with this issue. The units will be updated with the current version of software.”
  • “All of the recalled units will be upgraded with software that corrects [another] unexpected shutdown problem. In the meantime … it is vital to follow the step 1-2-3 operating procedure which directs attachment of the pads after the device has been turned on. This procedure is described on the back of your device and also in the Quick Reference material inside the AED 10 case. Some pages in the user’s manual may erroneously describe or show illustrations of [a different] operating procedure… Please disregard these erroneous instructions.”

There has been at least one death at a time when the second type of unexpected software shutdown occurred. Are bugs in the embedded software to blame? Of what sort? Could the authors of that firmware be sued in relation to the death? Were they negligent? Are they sure that there are Zero Bugs (or even just fewer bugs) in the “current version of the software”?

Expect more of this type of firmware-involved death as embedded systems continue to proliferate.
