Published: Mon, July 01, 2019
Health Care | By Cedric Leonard

Medtronic: Older insulin pumps are vulnerable to hackers

Medtronic: Older insulin pumps are vulnerable to hackers

Medtronic is recalling some models of insulin pumps that are open to hacks, and the Food and Drug Administration warned consumers on Thursday that they can not be patched to fix the holes.

Medtronic thinks there's no evidence that anyone using the pumps has been affected in this way, but says it has chose to recall the MiniMed 508 and MiniMed Paradigm series as a precaution and allow patients to switch to models with greater cybersecurity. According to the company, some of these MiniMed pumps have a critical cybersecurity issue that can not be patched, leaving them permanently vulnerable to hackers who wirelessly access them.

Altered insulin delivery could lead to dangerously high or low blood sugar levels, the company noted.

While the US FDA said that Medtronic was recalling several affected MiniMed pumps and providing alternative insulin pumps to patients, insulin pumps are not being recalled in India.

It's not the first time security issues have been raised about Medtronic insulin pumps. Around 4,000 people in the U.S. are thought to use the affected pumps. If you have one of those pumps, they recommend you switch to different models.

"While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant", Suzanne Schwartz, an FDA official specializing in cybersecurity for medical devices, said in a statement.

Japan's Abe offers Saudi crown prince help in reducing oil dependency
PM @narendramodi met with Crown Prince of Saudi Arabia Mohammed bin Salman Al Saud on the margins of the #G20 . But "nobody so far has directly pointed a finger at the future king of Saudi Arabia", Trump added.


The insulin pumps subject to the recall connect wirelessly to other insulin equipment, including glucose meters, a monitoring system and controls that pump insulin.

These commands can, for instance, tell the pump to inject too much insulin, causing the patient to suffer hypoglycemia and pass out or enter a seizure, or too little insulin and cause the patient to develop serious life-threatening ketoacidosis. No patient issues have been reported in India so far.

Medtronic, which issued a statement about the issue, says it has begun sending letters to affected patients.

In its alert, DHS notes: "The affected insulin pumps are created to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This vulnerability could also allow attackers to change pump settings and control insulin delivery". This includes keeping the device's serial number private, not connecting to any third-party software or hardware, and disconnecting the related CareLink USB device from a computer when it isn't being used. The FDA sent out a "safety communication" in March but did not recall any devices.

Monitor their blood glucose levels closely and act appropriately.

Like this: