In a recent set of events last week, the US Food & Drug Administration (FDA) has recalled certain MiniMed insulin pumps – the MiniMed 508 insulin pump & the MiniMed Paradigm series insulin pumps – by manufacturer Medtronic, a Minneapolis, Minnesota-based global healthcare technology solutions company, due to potential cybersecurity risks. FDA, in its recall, has also advised that patients using these models should immediately switch over to upgraded models, that are better equipped with security features, as protection against these potential cybersecurity risks. Assuring further, the FDA stated that it, to date, has not received any confirmed reports of patient harm owing to these potential cybersecurity risks.
The cybersecurity vulnerabilities identified in the MiniMed insulin pump worries the FDA, as someone, with little technical know-how, other than a patient, caregiver, or health care provider, can easily break through the pump’s security, and gain access to the device. By connecting wirelessly to a nearby MiniMed insulin pump, an intruder can change the pump’s settings, causing the insulin administrator to over deliver insulin to a patient leading to low blood sugar (hypoglycemia), or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids in the blood).
Medtronic has already started providing replacements for these affected pumps that come equipped with enhanced built-in cybersecurity capabilities. The Minnesota-based healthtech has, in total, identified an approx. 4,000 patients who are currently using these vulnerable insulin pumps. Furthermore, the global healthcare tech giant is also working closely with its distribution partner networks to identify additional patients that could be potentially using the MiniMed 508 & the MiniMed Paradigm series insulin pumps. The issue has escalated this far because Medtronic is unable to adequately update the vulnerable pumps with a software patch.