Access to the PPM Journal and newsletters is FREE for clinicians.

FDA Warns of Potential Cybersecurity Concerns with Medtronic Insulin Pumps

June 28, 2019
MiniMed 508 and Paradigm devices may be vulnerable to hacking.

A PPM Brief

FDA has issued a warning1 to patients and providers of a recall of certain Medtronic (Dublin, Ireland) MiniMed insulin pumps that host potential cybersecurity risks and recommends that patients who are on these models switch to new models. The specific recalled pumps are Medtronic’s MiniMed 508 insulin pump and MiniMed Paradigm series. FDA has yet to confirm a report of patient harm related to this recall.

The risks are related to the insulin pump’s wireless communication system between the device and blood glucose meters, continuous glucose monitoring systems, and the remote controller and CareLink USB device used with the pumps. Due to cybersecurity vulnerabilities, FDA is concerned of possible hacking of the devices that could lead to changing the pump’s settings, leading to over delivering insulin (causing hypoglycemia) or stopping insulin delivery (causing high blood sugar and diabetic ketoacidosis).

To date, there has not been any reports of hacking with these pumps, per the FDA. (Source:123RF)

“The FDA urges manufacturers everywhere to remain vigilant about their medical products—to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them,” said Suzanne Schwartz, MD, MBA, deputy director of the Office of Strategic Partnerships and Technology Innovation in the FDA’s Center for Devices and Radiological Health, in the press release. “While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant.”

According to the FDA press release, the company has been unable to adequately update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the devices’ vulnerabilities; FDA is working with the company to address the issue and help patients switch to new models.

Thus far, Medtronic has identified 4,000 patient users (in the US) who are vulnerable to this issue. The company is beginning to provide alternative insulin pumps to these patients that have enhanced, built-in cybersecurity capabilities, and is working with distributors to identify any additional patients who may be vulnerable.

Last updated on: June 28, 2019
Continue Reading:
Management of Intrathecal Therapies by Interprofessional Teams
close X