FDA issues warning on Medtronic insulin pump vulnerabilities

The Federal Drug Administration (FDA) warned patients and healthcare providers of vulnerabilities that impact certain Medtronic insulin pumps. Medtronic confirmed the risks and issued recalls to replace MiniMed™ 508 insulin pump and the MiniMed™ Paradigm™ series insulin pump models.

According to the FDA, the issue is related to the wireless communication between Medtronic’s MiniMed insulin pumps and other medical devices. For instance, devices such as blood glucose meters and monitoring systems, remote controller and CareLink USB devices, used with the insulin pumps.

An excerpt from the FDA news release:

“The U.S. Food and Drug Administration is warning patients and health care providers that certain Medtronic MiniMed insulin pumps are being recalled due to potential cybersecurity risks and recommends that patients using these models switch their insulin pump to models that are better equipped to protect against these potential risks. To date, the FDA is not aware of any confirmed reports of patient harm related to these potential cybersecurity risks.”

Medtronic confirmed the vulnerabilities and issued an urgent notification to customers about the impacted insulin pumps.

“An unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery. This could lead to hypoglycemia (if additional insulin is delivered) or hyperglycemia and diabetic ketoacidosis (if not enough insulin is delivered),” James Dabbs of Medtronic stated in the notice.

Medtronic also issued instructions to patients on how to replace impacted models. The company also provided cybersecurity safeguards to minimize potential impact in the mean time.

Readers may remember the FDA released a new Medical Device Safety Action Plan last year in an effort to protect patient safety and promote public health.