Those who rely on certain Medtronic MiniMed insulin pump models to administer insulin could be at risk, according to the U.S. Food and Drug Association.
On June 27, the FDA issued a recall on 11 different Medtronic MiniMed insulin pump models due to potential hacking concerns. This is the full list of affected models:
- MiniMed 508 (with all software versions)
- MiniMed Paradigm 511 (with all software versions)
- MiniMed Paradigm 512/712 (with all software versions)
- MiniMed Paradigm 515/715 (with all software versions)
- MiniMed Paradigm 522/722 (with all software versions)
- MiniMed Paradigm 522K/722K (with all software versions)
- MiniMed Paradigm 523/723 (with software version 2.4A or lower)
- MiniMed Paradigm 523K/723K (with software version 2.4A or lower)
- MiniMed Paradigm 712E (with all software versions)
- MiniMed Paradigm Veo 554CM/754CM (with software version 2.7A or lower)
- MiniMed Paradigm Veo 554/754 (with software version 2.6A or lower)
The affected pumps have the capability to connect wirelessly to a blood glucose meter, continuous glucose monitoring systems, a CareLink USB device or a remote control. However, this wireless capability has vulnerabilities and can be hacked.
If the Medtronic devices were to be hacked, someone other than the patient or a healthcare provider could have access to the pump’s settings, and thereby deliver too much or not enough insulin to a diabetes patient.
The FDA suggested that “patients using these models switch their insulin pump to models that are better equipped to protect against these potential risks.” In other words, stop using the Medtronic MiniMed insulin pump models immediately.
Meanwhile, the FDA promised to help ensure this won’t be an issue in the future, stating that it is working to “assure that Medtronic addresses this cybersecurity issue, including helping patients with affected insulin pumps switch to newer models with better cybersecurity controls,” a press release stated.
According to CNN, the company is “providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities.”
The recall seems to be more of a precaution than anything else, as the FDA is unaware of any patients who have been harmed by the cybersecurity vulnerabilty.
However, Medtronic does estimate that there are about 4,000 patients in the U.S. who are affected by this recall, and therefore are at risk.
How To Find Out If You Have An Affected Pump
Medtronic and the FDA are working to help patients find out if they are at risk for a cybersecurity breach. To see if you have a recalled model and software version, you can follow along with the steps detailed in this letter from Medtronic.
If you should need a replacement pump, the FDA also has some advice for handling your Medtronic pump while you wait for a replacement.
The FDA recommended that customers:
- Keep your insulin pump and the devices that are connected to your pump within your control at all times whenever possible.
- Do not share your pump serial number.
- Be attentive to pump notifications, alarms, and alerts.
- Monitor your blood glucose levels closely and act appropriately.
- Immediately cancel any unintended boluses (administrations of the drug).
- Connect your Medtronic insulin pump to other Medtronic devices and software only.
- Disconnect the USB device from your computer when you are not using it to download data from your pump.
It recommended seeking medical attention immediately if you notice your insulin delivery change unexpectedly or if you experience symptoms of severe hypoglycemia (low blood sugar) or diabetic ketoacidosis (dangerously high blood sugar), including shortness of breath, feeling dizzy or weak, etc.
If you have any further questions or concerns, you can contact the Division of Industry and Consumer Education (DICE) at 800-638-2041 or 301-796-7100.