Medtronic PLC (NYSE: MDT) is recalling its Mini-Med Paradigm Series Insulin Pumps and its Mini-Med 508 Insulin Pump due to potential cybersecurity and hacking risks involved with the devices. Because the devices cannot be updated, Medtronic will be providing alternative insulin pumps to patients currently using the recalled devices. It has been estimated that at least 4,000 people are currently using the recalled devices.
The MiniMed 508 and the MiniMed Paradigm are small computerized devices that deliver insulin doses to diabetics. They are a convenient way to maintain blood glucose levels, compared with repeated insulin injections. The recalled devices are able to connect to monitoring devices, such as blood glucose monitors and glucose sensor transmitters, using a wireless radio frequency.
According to a warning from the U.S. Food and Drug Administration (FDA), “an unauthorized person with special technical skills and equipment” could connect to the device and change how much insulin is delivered. Interference with their settings could cause potentially serious health implications. Too little insulin delivered, and a diabetes patient could suffer from hyperglycemia and diabetic ketoacidosis. Too much insulin, and hypoglycemia could occur. All three conditions could be life-threatening.
In a statement, Suzanne Schwartz, an FDA official specializing in cybersecurity for medical devices, said, “While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant.” Medtronic said it has received “no confirmed reports of unauthorized persons changing settings or controlling insulin delivery.”
Even though no incidents have been reported to Medtronic or the FDA, they are still advising that users take specific precautions as they await new devices. User should pay close attention to blood glucose levels and be alert to the pump’s notifications, alarms and alerts. It is also recommended that users maintain control of insulin pumps and connected devices at all times and to not share their pump’s serial number.