Home Diabetes and Endocrinology FDA Warns of Cybersecurity Risk With Certain Medtronic Insulin Pumps

FDA Warns of Cybersecurity Risk With Certain Medtronic Insulin Pumps

Equipment issue may allow someone to break in and cause the pump to deliver too much or too little insulin to the patient

TUESDAY, Sept. 20, 2022 (HealthDay News) — The U.S. Food and Drug Administration is warning patients who use a particular insulin pump system that unauthorized people could access it and change how much insulin a patient receives.

The pump at the center of the FDA alert is the Medtronic MiniMed 600 Series Insulin Pump System, including models such as MiniMed 630G and MiniMed 670G. Components such as the insulin pump, continuous glucose monitoring transmitter, blood glucose meter, and CareLink USB device communicate wirelessly, the FDA noted. An equipment issue may allow someone to break in and cause the pump to deliver too much or too little insulin to the patient.

For this cybersecurity breach to happen, an unauthorized person nearby would need to gain access to a pump as it is pairing with other system components. No one has reported that this has happened, the FDA noted.

Medtronic issued an urgent warning to inform users about this risk and make recommendations. The company is working with the FDA to identify, communicate, and prevent this cybersecurity issue from happening.

“For your safety, we want to inform you of a potential issue associated with the communication protocol used by your pump system,” the warning said. “Unauthorized access to your pump’s communication protocol could compromise your pump’s delivery of insulin.”

The company added that patients should turn off the “Remote Bolus” feature on their pump, which is turned on by default. In addition, Medtronic said patients should do any connection linking of devices in a nonpublic space. Patients should also disconnect the USB device from their computer when it is not being used to download pump data and should never confirm remote connection requests or other remote actions unless patients or care partners initiated them.

Copyright © 2022 HealthDay. All rights reserved.