Unauthorized parties could wirelessly connect to the device and control insulin delivery.
Photo/Thumb have been modified. Courtesy of Ajepbah via Wikimedia Commons. Creative Commons.
Medtronic has recalled two MiniMed insulin pumps that might have cybersecurity vulnerabilities, according to a safety communication released yesterday by the U.S. Food and Drug Administration (FDA).
The affected MiniMed pumps are named 508 and Paradigm.
Medtronic sent a letter to patients who might have one of the vulnerable models.
“We apologize for any inconvenience this may cause,” James Dabbs, vice president of quality assurance for Medtronic Diabetes, wrote in the letter. “Your safety and satisfaction are our top priorities.”
The FDA became aware that an unauthorized person, other than a patient, caregiver or provider, could connect wirelessly to a nearby MiniMed pump. If a person gains access to the pump, they can change the setting to over-deliver or stop delivering insulin. This could lead to low blood sugar or high blood sugar and diabetic ketoacidosis in patients.
While the FDA and Medtronic are not aware of patients reporting harm resulting from the cybersecurity flaws, the organizations recommended that patients switch to models that are better equipped to protect against vulnerabilities.
Medtronic’s letter included cybersecurity precautions for all patients, including:
Patients and providers should report adverse events due to the use of these models.
Get the best insights in digital health directly to your inbox.
Phishing Emails Play on Our Fear of Failure
Hacking and Neglect Continue to Keep Healthcare in Danger
3 Trends Plaguing Healthcare Cybersecurity & How to Fight Them