FDA06.28.19
The U.S. Food and Drug Administration is warning patients and health care providers that certain Medtronic MiniMed insulin pumps are being recalled due to potential cybersecurity risks and recommends that patients using these models switch their insulin pump to models that are better equipped to protect against these potential risks. To date, the FDA is not aware of any confirmed reports of patient harm related to these potential cybersecurity risks.
The potential risks are related to the wireless communication between Medtronic's MiniMed insulin pumps and other devices such as blood glucose meters, continuous glucose monitoring systems, the remote controller, and CareLink USB device used with these pumps. The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings. This could allow a person to over deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids in the blood).
“The FDA urges manufacturers everywhere to remain vigilant about their medical products—to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them. This is part of the FDA’s overall effort to collaborate with manufacturers and health care delivery organizations—as well as security researchers and other government agencies—to develop and implement solutions to address cybersecurity issues throughout a device’s total product lifecycle,” said Suzanne Schwartz, M.D., MBA, deputy director of the Office of Strategic Partnerships and Technology Innovation and acting division director for All Hazards Response, Science and Strategic Partnerships in the FDA’s Center for Devices and Radiological Health. “While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant. The safety communication issued today contains recommendations for what actions patients and health care providers should take to avoid the risk this vulnerability could pose. Any medical device connected to a communications network, like Wi-Fi, or public or home Internet, may have cybersecurity vulnerabilities that could be exploited by unauthorized users. However, at the same time it’s important to remember that the increased use of wireless technology and software in medical devices can also offer safer, more convenient, and timely health care delivery.”
The recalled pumps are Medtronic’s MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps. Medtronic is providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities. In the U.S., Medtronic has identified 4,000 patients who are potentially using insulin pumps that are vulnerable to this issue. In addition, Medtronic is working with distributor partners to identify additional patients potentially using these pumps.
Insulin pumps are small computerized devices that deliver insulin to a patient throughout the day through a catheter (a small, flexible tube) implanted under the skin. They are often used instead of periodic insulin injections. People with type 1 or type 2 diabetes may need an insulin pump when they require insulin to maintain acceptable blood glucose levels.
The affected devices wirelessly connect to both the patients’ blood glucose meter—which measures a patient’s blood glucose levels at one point in time—and continuous glucose monitoring system—a sensor and transmitter that track a patient’s glucose levels throughout the day.
The remote controller and CareLink USB, a thumb-sized wireless device that plugs into a computer, are used with the affected insulin pumps. A patient can use the remote controller to send insulin bolus (dosing) commands to the insulin pump remotely and can use the CareLink USB to download data about their glucose levels from their insulin pump to monitor their own progress and share it with their health care provider.
Medtronic is unable to adequately update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the devices’ vulnerabilities. The FDA is working to assure that Medtronic addresses this cybersecurity issue, including helping patients with affected insulin pumps switch to newer models with better cybersecurity controls. The FDA will keep the public informed if significant new information becomes available.
The potential risks are related to the wireless communication between Medtronic's MiniMed insulin pumps and other devices such as blood glucose meters, continuous glucose monitoring systems, the remote controller, and CareLink USB device used with these pumps. The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings. This could allow a person to over deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids in the blood).
“The FDA urges manufacturers everywhere to remain vigilant about their medical products—to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them. This is part of the FDA’s overall effort to collaborate with manufacturers and health care delivery organizations—as well as security researchers and other government agencies—to develop and implement solutions to address cybersecurity issues throughout a device’s total product lifecycle,” said Suzanne Schwartz, M.D., MBA, deputy director of the Office of Strategic Partnerships and Technology Innovation and acting division director for All Hazards Response, Science and Strategic Partnerships in the FDA’s Center for Devices and Radiological Health. “While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant. The safety communication issued today contains recommendations for what actions patients and health care providers should take to avoid the risk this vulnerability could pose. Any medical device connected to a communications network, like Wi-Fi, or public or home Internet, may have cybersecurity vulnerabilities that could be exploited by unauthorized users. However, at the same time it’s important to remember that the increased use of wireless technology and software in medical devices can also offer safer, more convenient, and timely health care delivery.”
The recalled pumps are Medtronic’s MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps. Medtronic is providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities. In the U.S., Medtronic has identified 4,000 patients who are potentially using insulin pumps that are vulnerable to this issue. In addition, Medtronic is working with distributor partners to identify additional patients potentially using these pumps.
Insulin pumps are small computerized devices that deliver insulin to a patient throughout the day through a catheter (a small, flexible tube) implanted under the skin. They are often used instead of periodic insulin injections. People with type 1 or type 2 diabetes may need an insulin pump when they require insulin to maintain acceptable blood glucose levels.
The affected devices wirelessly connect to both the patients’ blood glucose meter—which measures a patient’s blood glucose levels at one point in time—and continuous glucose monitoring system—a sensor and transmitter that track a patient’s glucose levels throughout the day.
The remote controller and CareLink USB, a thumb-sized wireless device that plugs into a computer, are used with the affected insulin pumps. A patient can use the remote controller to send insulin bolus (dosing) commands to the insulin pump remotely and can use the CareLink USB to download data about their glucose levels from their insulin pump to monitor their own progress and share it with their health care provider.
Medtronic is unable to adequately update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the devices’ vulnerabilities. The FDA is working to assure that Medtronic addresses this cybersecurity issue, including helping patients with affected insulin pumps switch to newer models with better cybersecurity controls. The FDA will keep the public informed if significant new information becomes available.
