US FDA warns of cybersecurity risk to certain Medtronic insulin pumps
Premium- The potential risks are related to the wireless communication between Medtronic's MiniMed insulin pumps and other devices
- Medtronic has identified 4,000 patients who are potentially using insulin pumps that are vulnerable to this issue
The US Food and Drug Administration (FDA) has raised an alarm about a possible risk of hacking of some insulin pumps manufactured by device maker Medtronic PLC. Subsequently, certain insulin pumps from Medtronic Minimed have been recalled due to potential cybersecurity risks.
The US drug regulator has recommended for people who use those insulin pumps to switch to different models. The potential risks are related to the wireless communication between Medtronic's MiniMed insulin pumps and other devices such as blood glucose meters, continuous glucose monitoring systems, the remote controller and CareLink USB device used with these pumps.
In its warning, the FDA noted that these devices pose the risk of someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings. This could allow a person to over deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids in the blood).
“The FDA urges manufacturers everywhere to remain vigilant about their medical products—to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them. This is part of the FDA’s overall effort to collaborate with manufacturers and health care delivery organizations—as well as security researchers and other government agencies—to develop and implement solutions to address cybersecurity issues throughout a device’s total product lifecycle," said Suzanne Schwartz, M.D., MBA, deputy director of the Office of Strategic Partnerships and Technology Innovation and acting division director for All Hazards Response, Science and Strategic Partnerships in the FDA’s Center for Devices and Radiological Health in a statement.
The recalled pumps are Medtronic’s MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps. Medtronic is providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities. In the U.S., Medtronic has identified 4,000 patients who are potentially using insulin pumps that are vulnerable to this issue.
Insulin pumps are small computerized devices that can deliver insulin therapy to diabetes patients in continuous doses to help them control blood glucose levels. According to the FDA, the hacker could possibly change the pump's settings to either over-deliver insulin to a patient, which could lead to low blood sugar, or to stop insulin delivery altogether, which could lead to high blood sugar and a life-threatening complication called diabetic ketoacidosis.
While the FDA is yet not aware of the patients who may have been harmed by this cybersecurity vulnerability, Schwartz stated in a statement that the risk of patient harm if such a vulnerability were left unaddressed is “significant".
As listed on the FDA's website, Medtronic is recalling the following insulin pumps- MiniMed 508 (with all software versions), MiniMed Paradigm 511 (with all software versions), MiniMed Paradigm 512/712 (with all software versions), MiniMed Paradigm 522/722 (with all software versions), MiniMed Paradigm 522K/722K (with all software versions), MiniMed Paradigm 523/723 (with software version 2.4A or lower), MiniMed Paradigm 523K/723K (with software version 2.4A or lower), MiniMed Paradigm 712E (with all software versions), MiniMed Paradigm Veo 554CM/754CM (with software version 2.7A or lower), MiniMed Paradigm Veo 554/754 (with software version 2.6A or lower).
According to Medtronic spokesperson, In India, Medtronic is proactively informing the regulators and other relevant stakeholders and in the process of working with researchers, doctors and patients to address any questions or concerns that they may have. No patient issues have been reported in India so far. MiniMed™ 508 had been discontinued in India since 2011. Over the years, we’ve launched many advanced models of insulin pumps and they are safe for patients. At Medtronic, we take quality concerns with the utmost seriousness, and the safety of patients is our primary concern. As technologies evolve, we will continue to collaborate with industry researchers and regulators to improve device security approaches and develop high-quality therapies that positively impact lives."
