The FDA Is Recalling Medtronic Insulin Pumps Over Hacking Concerns

Medtronic
Medtronic | Medtronic

People who manage their type 1 or type 2 diabetes with insulin pumps should take note of a recent Food and Drug Administration announcement. According to the FDA, certain models of the Medtronic MiniMed pumps that allow users to connect to the device wirelessly could be vulnerable to hackers.

In a release, the FDA said that cybersecurity breaches could leave the Medtronic MiniMed exposed to hacking. The unit has wireless capability to exchange information with blood glucose meters, glucose monitoring systems, and the remote controller and CareLink USB device that can be attached to a computer to control the MiniMed’s settings. Because of that connectivity, it’s possible for a hacker to gain access to the pump, increasing insulin delivery and prompting a hypoglycemic event. The hacker could also halt insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids called ketones in the blood). If left untreated, these conditions can lead to serious health issues and can even be fatal.

Insulin pumps control blood glucose levels by delivering insulin to a patient via a catheter placed under the skin. Their use avoids the need for insulin injections and can be indicated in patients who need more tailored monitoring.

There have been no reports of any adverse events as a result of this vulnerability, but the FDA is still recommending patients replace certain Medtronic MiniMed models, including the MiniMed 508 and the MiniMed Paradigm series. A full list of affected models can be found here. (The Medtronic MiniMed 530G, shown above, is not part of the recall.) Medtronic believes the recall applies to about 4000 patients using the devices. The company is recommending that those affected by the flaw speak with their health care provider about getting a replacement with increased cybersecurity protection.