The FDA Is Recalling Medtronic Insulin Pumps For Hacking Concerns

Those who rely on certain Medtronic MiniMed insulin pump models to administer insulin could be at risk, according to the U.S. Food and Drug Administration.

On June 27, the FDA issued a recall on 11 different Medtronic MiniMed insulin pump models due to potential hacking concerns. This is the full list of affected models:

• MiniMed 508 (with all software versions)
• MiniMed Paradigm 511 (with all software versions)
• MiniMed Paradigm 512/712 (with all software versions)
• MiniMed Paradigm 515/715 (with all software versions)
• MiniMed Paradigm 522/722 (with all software versions)
• MiniMed Paradigm 522K/722K (with all software versions)
• MiniMed Paradigm 523/723 (with software version 2.4A or lower)
• MiniMed Paradigm 523K/723K (with software version 2.4A or lower)
• MiniMed Paradigm 712E (with all software versions)
• MiniMed Paradigm Veo 554CM/754CM (with software version 2.7A or lower)
• MiniMed Paradigm Veo 554/754 (with software version 2.6A or lower)

The affected pumps have the capability to connect wirelessly to blood glucose meters, continuous glucose monitoring systems, CareLink USB devices or remote controls. However, this wireless capability has vulnerabilities and can be hacked.

If the Medtronic devices were to be hacked, someone other than the patient or a healthcare provider could get access to the pump’s settings, and thereby deliver too much or not enough insulin to a diabetes patient.

The FDA suggested that “patients using these models switch their insulin pump to models that are better equipped to protect against these potential risks.” In other words, stop using the Medtronic MiniMed insulin pump models immediately.

Meanwhile, the FDA promised to help ensure this won’t be an issue in the future, stating that it is working to “assure that Medtronic addresses this cybersecurity issue, including helping patients with affected insulin pumps switch to newer models with better cybersecurity controls,” it stated in a news release.

According to CNN, the company is “providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities.”

The recall seems to be more of a precaution than anything else, as the FDA is unaware of any patients who have been harmed by the cybersecurity vulnerabilty.

However, Medtronic does estimate that there are about 4,000 patients in the U.S. who are affected by this recall, and are therefore at risk.

How To Find Out If You Have An Affected Pump

Medtronic and the FDA are working to help patients find out if they are at risk for a cybersecurity breach. To see if you have a recalled model and software version, you can follow along with the steps detailed in this letter from Medtronic.

If you should need a replacement pump, the FDA also has some advice for handling your Medtronic pump while you wait for a replacement.

The FDA recommends that you:

• Keep your insulin pump and the devices that are connected to your pump within your control at all times whenever possible.
• Do not share your pump serial number.
• Be attentive to pump notifications, alarms, and alerts.
• Monitor your blood glucose levels closely and act appropriately.
• Immediately cancel any unintended boluses (administrations of the drug).
• Connect your Medtronic insulin pump to other Medtronic devices and software only.
• Disconnect the USB device from your computer when you are not using it to download data from your pump.

It recommended to seek medical attention immediately if you notice your insulin delivery settings have changed unexpectedly or if you experience symptoms of severe hypoglycemia (low blood sugar) or diabetic ketoacidosis (dangerously high blood sugar), such as shortness of breath, dizziness or weakness, paleness and sudden hunger.

If you have any further questions or concerns, you can contact the Division of Industry and Consumer Education (DICE) at 800-638-2041 or 301-796-7100.