The company and FDA say certain pumps are vulnerable to hacking
FRIDAY, June 28, 2019 (HealthDay News) — The U.S. Food and Drug Administration announced Thursday that some high-tech insulin pumps made by Medtronic are being recalled for potential cybersecurity risks that could leave them vulnerable to hacking.
Due to the wireless communication between Medtronic’s MiniMed insulin pumps and other devices such as blood glucose meters, continuous glucose monitoring systems, the remote controller, and CareLink USB device used with the pumps, “an unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery,” Medtronic wrote in a letter sent to patients.
Both the FDA and Medtronic said there are no known cases yet of someone hacking an insulin pump. The potentially vulnerable insulin pumps include the MiniMed 508 (all software versions); MiniMed Paradigm (all software versions for 511, 512, 712, 712E, 515, 715, 522, 722, 522K, and 722K and software versions 2.4A or lower for 523, 723, 523K, and 723K); and MiniMed Paradigm Veo (software version 2.6A and lower for 554 and 754 and software version 2.7A and lower for 554CM and 754CM).
More recent Medtronic insulin pumps, such as the MiniMed 620G, 630G, 640G, and 670G, are not affected by this vulnerability, according to Medtronic. Medtronic said customers in the United States should speak with their health care providers about switching to a newer model insulin pump, because they have increased cybersecurity. Until the end of 2019, Medtronic is also offering users of recalled pumps an exchange to a newer, safer model for a $399 discounted price.