FDA: Medtronic Insulin Pumps May Have Digital Security Risks

The United States’ Food and Drug Administration (FDA) recently released a notice regarding the susceptibility of insulin pumps to cyber-attacks. According to The Washington Post, this resulted in medical manufacturer Medtronics withdrawing its devices from the market.

The FDA said that Medtronics’ MiniMed 508 and MiniMed Paradigm models may be vulnerable to cyber attacks. In an announcement, the Authority expressed concerns that malicious individuals may gain unauthorized access to the device.

This comes after reports of insufficient security measures in the devices’ software. A report by CNN says that connecting to internet networks can expose the pumps to harm. Networks such as Wi-Fis and public or home internet connections are possible sources of risk.

CNN emphasized diabetic patients use insulin pumps for insulin therapy in small or big doses. The device mimics the pancreas’ function while eliminating the need for periodic injections. Patients can monitor their pumps via connections to multiple devices.

FDA: Medtronic Insulin Pumps May Have Digital Security Risks

A detrimental effect of the vulnerability arises from the hacker’s potential to change settings of the automatic insulin delivery. The FDA said that malicious parties can connect to the device and alter the amount and frequency of delivery.

This can have grievous effects on patients. An overdose of insulin can lead to hypoglycemia, while the lack of insulin can result in hyperglycemia and diabetic ketoacidosis.

The FDA clarified that they did not receive reports of individuals affected by this vulnerability. However, digital security risk remains dangerous for patients if left in effect.

As of this writing, several Medtronic models and software versions proved to be susceptible to unauthorized access. The devices in question entered the market “in 2012 or earlier.” However, the manufacturer said that the devices are not updatable.

The company is offering devices with “enhanced built-in cybersecurity capabilities.” Medtronic communication director Pamela Reese noted that patients do not have to return the device.

According to the FDA, this security blunder may affect around 4,000 individuals. The Authority urges users to communicate with health professionals regarding alternative options. Users can also get in touch with Medtronic via landline or online to discuss replacing the products.

Meanwhile, the company and the FDA are working together to identify other patients who may be at risk. They reminded users to constantly monitor devices and insulin levels. Patients should also pay close attention to notifications and alerts from the device.