Cybersecurity Risks and Insulin Pumps

FDA warns about cybersecurity risks tied to some Medtronic insulin pumps

(RxWiki News) The US Food and Drug Administration (FDA) has issued a warning regarding some Medtronic MiniMed™ insulin pumps.

The warning highlights a potential cybersecurity risk. In other words, there is a risk for these devices to be hacked and remotely controlled by someone other than the intended user.

An insulin pump is a small device that helps manages diabetes. It works by mimicking how a pancreas works to regulate insulin. The pump delivers insulin that matches what the body needs.

However, if the pump is being controlled by someone other than the intended user, it could lead to serious or life-threatening diabetes complications. In the case of the MiniMed insulin pumps, the FDA warned that these devices could, in fact, be vulnerable to cybersecurity threats that would lead to external control.

As a result, Medtronic is recalling the following affected MiniMed pumps and providing alternative pumps:

All software versions:

  • MiniMed™ 508
  • MiniMed™ Paradigm™ 511
  • MiniMed™ Paradigm™ 512/712
  • MiniMed™ Paradigm™ 515/715
  • MiniMed™ Paradigm™ 522/722
  • MiniMed™ Paradigm™ 522K/722K
  • MiniMed™ Paradigm™ 712E (Available outside of the United States only)

Software version 2.4A or lower:

  • MiniMed™ Paradigm™ 523/723
  • MiniMed™ Paradigm™ 523K/723K

Available outside of the United States only:

Version 2.7A or lower:

  • MiniMed™ Paradigm™ Veo 554CM/754CM

Version 2.6A or lower:

  • MiniMed™ Paradigm™ Veo 554/754

The FDA recommended that patients who are currently using a MiniMed pump check whether this recall includes the device's model and software version.

While you wait for a replacement pump, the FDA recommended the following seven steps to lower the potential risk of a cybersecurity attack:

  1. Keep your insulin pump and devices that are connected to your pump within your control at all times.
  2. Never share the pump's serial number.
  3. Pay attention to all pump alarms, alerts and notifications.
  4. Monitor your blood sugar closely and act accordingly.
  5. Immediately cancel any unintended boluses.
  6. Do not connect your Medtronic insulin pump to any other devices besides Medtronic devices and software.
  7. When you are not using the USB device to download data from your pump, disconnect the USB device from your computer.

If you have signs or symptoms of severe low blood sugar or diabetic ketoacidosis, seek medical attention immediately. Also seek immediate medical attention if you believe your insulin pump settings or delivery changed.

Speak with your health care provider if you have any questions or concerns.

Written by Anyssa Garza, PharmD, BCMAS