Medtronic has been recalling several models of its MiniMed insulin pumps due to a cyber-security risk, which could allow hackers to control the devices remotely and tamper their settings, leading to serious medical complications.
The U.S. Food and Drug Administration (FDA) said, “Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks.”
Insulin pumps communicate with devices, such as blood glucose monitors and glucose sensor transmitters, by using a wireless radiofrequency.
In an official letter to patients, Medtronic said, “An unauthorized person could potentially connect wirelessly to one of the nearby pumps and change its settings.”
As insulin pumps are used to regulate the dose and frequency of insulin taken by diabetics, any type of interference with their settings could potentially lead to serious health implications.
Medtronic said, “This could lead to hypoglycemia (if additional insulin is delivered) or hyperglycemia and diabetic ketoacidosis (if not enough insulin is delivered).”
Well, this is not the first time Medtronic insulin pumps have been facing cyber-security issues. In 2011, Jay Radcliffe, Security Researcher, cautioned about a security defect that could potentially allow a hacker to tamper or disable a Medtronic insulin pump.
However, Medtronic said, “No confirmed reports of unauthorized persons changing settings or controlling insulin delivery.”
Here are those models that have been recalled, with the software version in parenthesis:
- MiniMed 508 (All versions)
- MiniMed Paradigm 511 (All versions)
- MiniMed Paradigm 512/712 (All versions)
- MiniMed Paradigm 515/715 (All versions)
- MiniMed Paradigm 522/722 (All versions)
- MiniMed Paradigm 522K/722K (All versions)
- MiniMed Paradigm 523/723 (Version 2.4A or lower)
- MiniMed Paradigm 523K/723K (Version 2.4A or lower)
- MiniMed Paradigm 712E* (All versions)
- MiniMed Paradigm Veo 554CM/754CM* (Version 2.7A or lower)
- MiniMed Paradigm Veo 554/754* (Version 2.6A or lower)
Medtronic has been recommending that patients with diabetes who are using the pumps should take several precautions, including keeping the insulin pumps and devices connected to the pump “within your control at all times.”
Diabetics who use the insulin pump should be alert to their notifications and alarms. More importantly, one should not share their pump’s serial number. The FDA advised seeking medical help if patients using insulin pumps believe that their settings have changed. Patients are also advised to seek medical help if they experience symptoms of severe hypoglycemia or diabetic ketoacidosis.
