Safety-critical systems and especially their software components need a thorough verification for failures and potential error propagation. Reliability has to be guaranteed for medical devices in particular. These devices exhibit a broad variability, as well. They have to be suitable for a diverse variety of individual requirements leading to product lines which share a common base functionality, but each product is adapted to different requirements. We present an approach in which failure models are assigned to features which are combined into different product models. Starting with a base model, further product models are derived from it by model transformations. We investigate the structure of the failure models and a possible error propagation. We demonstrate our method using Scade Suite for the model-based product line design of cardiac pacemakers. Formal safety analysis is performed by using the Scade Design Verifier.