The FDA has warned patients and health care providers that certain Medtronic MiniMed™ insulin pumps have potential cybersecurity risks. The FDA warns that “patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks.”
The FDA has become aware that an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities. This person could change the pump’s settings to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.
Medtronic cannot update the MiniMed™ 508 and Paradigm™ insulin pump models to address these potential cybersecurity risks. As a result, the FDA recommends patients replace affected pumps with models that are better equipped to protect them from these risks. To date, the FDA is not aware of any reports of patient harm related to these potential cybersecurity risks.
Medtronic has agreed to recall the affected pumps and providing alternative insulin pumps to patients. To see if the list of impacted devices, read the Medtronic Patient Letter or call Medtronic at 1-866-222-2584 or go to Medtronic’s website.