FDA Warns About Cybersecurity Concerns With Some Medtronic Insulin Pumps

Megan Brooks

June 27, 2019

The US Food and Drug Administration (FDA) has issued a warning about certain Medtronic MiniMed insulin pumps after the manufacturer recalled the devices due to potential risk of them being hacked , the agency said today.

The recalled pumps are Medtronic's MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps. The FDA recommends that patients using these models switch their insulin pump to models that are better equipped to protect against these potential risks.

"While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant," Suzanne Schwartz, MD, deputy director of the Office of Strategic Partnerships and Technology Innovation and acting division director for All Hazards Response, Science and Strategic Partnerships in the FDA's Center for Devices and Radiological Health, said in a statement.

The cybersecurity vulnerabilities identified in the device mean that someone other than a patient, caregiver, or healthcare provider could connect wirelessly to a nearby MiniMed insulin pump and change the pump's settings, the FDA warns. This could allow a person to overdeliver insulin to a patient, leading to hypoglycemia, or to stop insulin delivery, leading to hyperglycemia and diabetic ketoacidosis.

Medtronic can't adequately update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the devices' vulnerabilities, the FDA said.

Medtronic has identified 4000 patients in the US who are potentially using the recalled insulin pumps that are vulnerable to this issue and is working with its distributors to identify additional patients potentially using these pumps.  Medtronic is providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities and sent a letter to patients explaining the issue.

"The FDA urges manufacturers everywhere to remain vigilant about their medical products — to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them," Schwartz said.

"This is part of the FDA's overall effort to collaborate with manufacturers and health care delivery organizations — as well as security researchers and other government agencies — to develop and implement solutions to address cybersecurity issues throughout a device's total product lifecycle," she added.

In March, the FDA warned about cybersecurity vulnerabilities in Medtronic's implantable cardiac devices and telemetry systems, as reported by Medscape Medical News

For more news, follow Medscape on FacebookTwitter, Instagram, and YouTube


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.