Several insulin pump models recalled for cybersecurity, hacking concerns


While the US FDA said that Medtronic was recalling several affected MiniMed pumps and providing alternative insulin pumps to patients, insulin pumps are not being recalled in India.

"Kindly note that the insulin pumps are not being recalled and are not required to be returned".

FDA has issued a warning to patients and providers of a recall of certain Medtronic (Dublin, Ireland) MiniMed insulin pumps that host potential cybersecurity risks and recommends that patients who are on these models switch to new models.

If this happens, the hacker may be able to wirelessly change the settings and the amount of insulin delivered to the individual using the pump.

While health professionals have warned that wireless medical devices - like all devices that connect to the internet - could possibly be hacked, it's largely a theoretical risk so far.

"The FDA urges manufacturers everywhere to remain vigilant about their medical products - to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them", Dr. Suzanne Schwartz, deputy director of the Office of Strategic Partnerships and Technology Innovation and acting division director for All Hazards Response, Science and Strategic Partnerships in the FDA's Center for Devices and Radiological Health, said in a written statement.

This makes it possible to load the OpenAPS ("open artificial pancreas") software into them to automate the process of monitoring the user's blood sugar, calculating the right insulin dose and administering it, sparing users from the trouble of doing that themselves multiple times per day and per night.

That means someone with malicious intent could feasibly direct the pump to over-deliver insulin, potentially causing dangerously low blood sugar levels, or stop delivery entirely, to cause a spike in blood sugar and diabetic ketoacidosis.

The drug regulator said it was not aware of any confirmed reports of patient harm related to the potential cybersecurity risks.

More recent Medtronic insulin pumps, such as the MiniMed 620G, 630G, 640G and 670G, are not affected by this vulnerability, according to Medtronic. She said it's pretty hard to "imagine cyberterrorists plotting the deaths of patients with diabetes by manipulating the inputs in their insulin pumps". That connectivity can provide invaluable data to help guide patient care, but also introduces a major security risk. At Medtronic, we take quality concerns with the utmost seriousness, and the safety of patients is our primary concern.