Sam Brusco, Associate Editor09.21.22
The U.S. Food and Drug Administration (FDA) alerted users about a cybersecurity risk concerning Medtronic’s MiniMed 600 series insulin pump system (MiniMed 630G and 670G).
According to FDA, there’s a possible issue with the pump’s communication protocol that could allow unauthorized access to the pump system. Should this occur, the pump’s protocol could be compromised and cause it to deliver too much or too little insulin.
MiniMed 600 series pumps have components that communicate wirelessly—the insulin pump, continuous glucose monitoring (CGM) transmitter, blood glucose meter, and CareLink USB device. For unauthorized access to happen, a nearby unauthorized person would need to gain access to the pump while it’s being paired with other system components.
Medtronic emphasized in its Urgent Medical Device Correction that this method of unauthorized access cannot be done over the internet.
As of yet the FDA and Medtronic said they weren’t aware of any reports related to the cybersecurity issue. The two organizations said they are working to identify, communicate, and prevent adverse events related to the cybersecurity vulnerability.
According to FDA, there’s a possible issue with the pump’s communication protocol that could allow unauthorized access to the pump system. Should this occur, the pump’s protocol could be compromised and cause it to deliver too much or too little insulin.
MiniMed 600 series pumps have components that communicate wirelessly—the insulin pump, continuous glucose monitoring (CGM) transmitter, blood glucose meter, and CareLink USB device. For unauthorized access to happen, a nearby unauthorized person would need to gain access to the pump while it’s being paired with other system components.
Medtronic emphasized in its Urgent Medical Device Correction that this method of unauthorized access cannot be done over the internet.
As of yet the FDA and Medtronic said they weren’t aware of any reports related to the cybersecurity issue. The two organizations said they are working to identify, communicate, and prevent adverse events related to the cybersecurity vulnerability.