US FDA Warning that Medtronic Insulin Pumps Can Be Subjected to Cybersecurity Hacking
The US FDA has announced last week that certain models of insulin pumps made by Medtronic are being recalled due to potential cybersecurity risk that can make these devices vulnerable to hacking. Both the US FDA and Medtronic said that here has been not a known case so far of someone hacking an insulin pump but precautions are being taken to prevent such incidences.
Medtronic commented in a letter sent to patients and media including Thailand Medical News,"It was discovered that any unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery," Altered insulin delivery could lead to dangerously high or low blood sugar levels, the company noted and in some cases cause death.
An endocrinologist at Lenox Hill Hospital in New York, Dr. Caroline Messer commented,”it is pretty hard to imagine cyberterrorists plotting the deaths of patients with diabetes by manipulating the inputs in their insulin pumps. But due to excessive caution, it is clearly better for the FDA to take a proactive approach and recall Medtronic's more vulnerable pumps."
Patients with diabetes use insulin pumps,compact computerized devices to deliver insulin throughout days via a small tube inserted underneath the skin. The affected devices connect wirelessly to a patient's blood sugar meter and to a continuous glucose monitor, which tracks a patient's blood sugar level throughout the day. The pump's data can also be uploaded wirelessly to a computer and sent to the patient's physician.
The models of the cybersecurity risk insulin pumps include Medtronic's:
- Minimed 508 (All software versions)
- MiniMed Paradigm (All software versions for 511, 512, 712, 712E, 515, 715, 522, 722, 522K, 722K)
- MiniMed Paradigm (Software versions 2.4A or lower for 523, 723, 523K, 723K)
- MiniMed Paradigm Veo (Software version 2.6A and lower for 554, 754)
- MiniMed Paradigm Veo (Software version 2.7A and lower for 554CM, 754CM)
Medtronic said customers around the world should speak with their doctors about switching to a newer model insulin pump, because they have increased cybersecurity. The cost of any upgrade will depend on the patient's insurance coverage, the company said. Until the end of 2019, Medtronic is also offering users of recalled pumps, discounts for upgrades to a newer, safer model from the company.
More recent Medtronic insulin pumps, such as the MiniMed 620G, 630G, 640G and 670G, are not affected by this cybersecurity vulnerability.
The US FDA further advised that health care providers also need to be careful with the information they gather from patients' pumps. Proper firewalls are needed to maintain safety, confidentiality and privacy.