The Food and Drug Administration is warning patients and healthcare providers of the potential cybersecurity risks associated with certain Medtronic MiniMed insulin pumps. Due to this issue, Medtronic is recalling the MiniMed 508 insulin pump and the MiniMed Paradigm series insulin pumps and providing alternative devices with enhanced cybersecurity features to affected patients.
The cybersecurity issue stems from the wireless communication between the insulin pumps and other devices used with these pumps (ie, blood glucose meters, continuous glucose monitoring systems, the remote controller and CareLink USB device). The FDA is concerned that an individual other than a patient, caregiver or healthcare provider may be able to connect wirelessly to a nearby MiniMed insulin pump and change its settings. This could potentially leading to too much or too little insulin being delivered to the patient. According to Medtronic, there are 4000 patients in the US that are using pumps that may be vulnerable to a cyber attack.
“While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant,” said Suzanne Schwartz, MD, MBA, deputy director of the Office of Strategic Partnerships and Technology Innovation and acting division director for All Hazards Response, Science and Strategic Partnerships in the FDA’s Center for Devices and Radiological Health. “The safety communication issued today contains recommendations for what actions patients and healthcare providers should take to avoid the risk this vulnerability could pose.”
This is not the first time the FDA has issued a warning regarding potential cybersecurity issues with Medtronic products. In October 2018, the Agency alerted the public of cybersecurity vulnerabilities associated with Medtronic cardiac implantable electrophysology devices.
For more information visit FDA.gov.