Medtronic Recalls Insulin Pumps At Risk Of Cyberattack

Medtronic MiniMed recalls some of its insulin pumps after the US Food and Drug Administration warned the company that some of its products are vulnerable to hacking.

In the statement that the FDA posted, they indicated that the agency had been made aware that “an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities.”

Particularly, Medtronic recalls these devices after noting that the company cannot update these devices to fend off potential hackers:

Pump ModelSoftware Version
MiniMed™ 508All versions
MiniMed™ Paradigm™ 511All versions
MiniMed™ Paradigm™ 512/712All versions
MiniMed™ Paradigm™ 515/715All versions
MiniMed™ Paradigm™ 522/722All versions
MiniMed™ Paradigm™ 522K/722KAll versions
MiniMed™ Paradigm™ 523/723Version 2.4A or lower
MiniMed™ Paradigm™ 523K/723KVersion 2.4A or lower
MiniMed™ Paradigm™ 712E*All versions
MiniMed™ Paradigm™ Veo 554CM/754CM*Version 2.7A or lower
MiniMed™ Paradigm™ Veo 554/754*Version 2.6A or lower

* Available outside the United States only.

In light of the situation, the FDA has advised patients currently using the older versions of insulin pumps to update their devices to avoid harmful circumstances.

Insulin is a drug that helps people with diabetes adjust to abnormal blood glucose levels. Furthermore, daily doses help combat the disease by preventing or stopping it from progressing and causing dangerous complications. However, improper treatment can also lead to the same adverse circumstances.

Specifically, patients are in threat because hackers could change the pump’s settings to either over-deliver insulin, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.

“The FDA urges manufacturers everywhere to remain vigilant about their medical products — to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them,” Dr. Suzanne Schwartz, deputy director of the Office of Strategic Partnerships and Technology Innovation and acting division director for All Hazards Response, Science and Strategic Partnerships in the FDA’s Center for Devices and Radiological Health, said in an FDA statement.

As a precaution, the FDA also advised patients, caregivers, and other health care providers to remain vigilant against cybersecurity threats through:

  • Keep your insulin pump and the devices that are connected to your pump within your control at all times whenever possible.
  • Do not share your pump serial number.
  • Be attentive to pump notifications, alarms, and alerts.
  • Monitor your blood glucose levels closely and act appropriately.
  • Immediately cancel any unintended boluses.
  • Connect your Medtronic insulin pump to other Medtronic devices and software only.
  • Disconnect the USB device from your computer when you are not using it to download data from your pump.

Fortunately, the FDA, so far, has not received news that a patient has encountered issues regarding their insulin pumps getting hacked or any harm caused by the situation.

“While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm, if such a vulnerability were left unaddressed, is significant,” she said in part. “Any medical device connected to a communications network, like Wi-Fi, or public or home Internet, may have cybersecurity vulnerabilities that could be exploited by unauthorized users. However, at the same time it’s important to remember that the increased use of wireless technology and software in medical devices can also offer safer, more convenient, and timely health care delivery.”

Insulin pumps are small, computerized devices that deliver insulin continuously throughout the day, which mimics the healthy way the body produces insulin. It delivers insulin in two ways: a basal rate which is a continuous, small trickle of insulin that keeps blood glucose stable between meals and overnight; and a bolus rate, which is a much higher rate of insulin taken before eating to “cover” the food you plan to eat.

The innovation has helped people by delivering the drug in a more predictably and accurately manner at more precise times of the day. Patients then have tighter blood glucose control while reducing the risk of low blood glucose, lesser episodes of severe hypoglycemia, and better manages the “dawn —an occurrence when a patient’s body doesn’t release more insulin to match the early-morning rise in blood sugar.

In the US, there are about 350,000 people with diabetes who use these automated devices for their ease and comfort. Meanwhile, Medtronic identified about 4,000 patients in threat to cyber attacks.

Be the first to comment on "Medtronic Recalls Insulin Pumps At Risk Of Cyberattack"

Leave a comment

Your email address will not be published.