Certain Medtronic MiniMed insulin pumps are being recalled because they have cybersecurity vulnerabilities that could allow someone other than the patient, caregiver or health care provider to potentially connect wirelessly to the devices and change the the settings. This could allow someone to over-deliver insulin to a patient, leading to low blood sugar, or stop delivery of insulin, leading to high blood sugar and diabetic ketoacidosis, a life-threatening buildup of acids in the blood.
The Food and Drug Administration (FDA) followed Medtronic’s announcement with a warning of its own for patients using affected models of the medical devices to switch to models better equipped to protect against cybersecurity risks. The agency also urged manufacturers to remain vigilant about their medical products – to monitor and assess cybersecurity vulnerability risk and be proactive about disclosing the vulnerabilities and mitigating to address the issues.
The FDA added that, to date, it was not aware of any confirmed reports of patient harm related to this issue. Medtronic said at least 4,000 patients are using insulin pumps that are vulnerable to this issue.
Affected insulin pumps include Medtronic’s MiniMed 508 and MiniMed Paradigm series. Medtronic said it is unable to adequately update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the vulnerabilities. Thus, the company is providing patients with alternative insulin pumps that have enhanced built-in cybersecurity capabilities.
Insulin pumps are small computerized devices that deliver insulin to a type 1 or type 2 diabetes patient throughout the day through a small flexible catheter implanted under their skin. The affected devices connect wirelessly to both the patients’ blood glucose meter and continuous glucose monitoring system. The remote controller and CareLink USB are used with these particular insulin pumps.
The FDA is working with Medtronic to address this cybersecurity issue and said it will keep the public informed if significant new information becomes available.