Medtronic Recalls MiniMed Insulin Pumps Over Cybersecurity Vulnerabilities

Unauthorized parties could wirelessly connect to the device and control insulin delivery.

Photo/Thumb have been modified. Courtesy of Ajepbah via Wikimedia Commons. Creative Commons.

Medtronic has recalled two MiniMed insulin pumps that might have cybersecurity vulnerabilities, according to a safety communication released yesterday by the U.S. Food and Drug Administration (FDA).

The affected MiniMed pumps are named 508 and Paradigm.

Medtronic sent a letter to patients who might have one of the vulnerable models.

“We apologize for any inconvenience this may cause,” James Dabbs, vice president of quality assurance for Medtronic Diabetes, wrote in the letter. “Your safety and satisfaction are our top priorities.”

The FDA became aware that an unauthorized person, other than a patient, caregiver or provider, could connect wirelessly to a nearby MiniMed pump. If a person gains access to the pump, they can change the setting to over-deliver or stop delivering insulin. This could lead to low blood sugar or high blood sugar and diabetic ketoacidosis in patients.

While the FDA and Medtronic are not aware of patients reporting harm resulting from the cybersecurity flaws, the organizations recommended that patients switch to models that are better equipped to protect against vulnerabilities.

Medtronic’s letter included cybersecurity precautions for all patients, including:

  • Keep their pump and connected devices within their control at all times
  • Don’t share pump serial numbers
  • Be attentive to notifications, alarms and alerts
  • Cancel any unintended boluses
  • Monitor levels closely and act as appropriate
  • Don’t connect to third-party devices or use unauthorized software
  • Disconnect CareLink USB device from computers when it isn’t being used to download data from the pump
  • Get help immediately if experiencing symptoms of severe hypoglycemia or diabetic ketoacidosis, or pump settings change unexpectedly

Patients and providers should report adverse events due to the use of these models.

Get the best insights in digital health directly to your inbox.

Related

Phishing Emails Play on Our Fear of Failure

Hacking and Neglect Continue to Keep Healthcare in Danger

3 Trends Plaguing Healthcare Cybersecurity & How to Fight Them