FDA Issues Warning Regarding Cybersecurity Risks for Certain Medtronic Insulin Pumps

On June 27, 2019, the FDA issued a warning patients and health care providers that certain Medtronic MiniMed™ insulin pumps have potential cybersecurity risks. Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks.

Medtronic is recalling the following affected MiniMed pumps and providing alternative insulin pumps to patients:

Pump Model	Software Version
MiniMed™ 508	All versions
MiniMed™ Paradigm™ 511	All versions
MiniMed™ Paradigm™ 512/712	All versions
MiniMed™ Paradigm™ 515/715	All versions
MiniMed™ Paradigm™ 522/722	All versions
MiniMed™ Paradigm™ 522K/722K	All versions
MiniMed™ Paradigm™ 523/723	Version 2.4A or lower
MiniMed™ Paradigm™ 523K/723K	Version 2.4A or lower
MiniMed™ Paradigm™ 712E*	All versions
MiniMed™ Paradigm™ Veo 554CM/754CM*	Version 2.7A or lower
MiniMed™ Paradigm™ Veo 554/754*	Version 2.6A or lower

* Available outside the United States only.

Important Recommendations for People who have Diabetes and their Caregivers

Check to see if the model and software version of your insulin pump is affected. Read the Medtronic Patient Letter to learn how to identify your pump’s software version. If you live outside the United States, Medtronic will send you a notification letter with instructions based on the country where you live.
Talk to your health care provider about a prescription to switch to a model with more cybersecurity protection.
If you have questions about replacing your pump, call Medtronic at 1-866-222-2584 or go to Medtronic’s website.

To minimize the potential risk of a cybersecurity attack while you are waiting for a replacement pump:

Keep your insulin pump and the devices that are connected to your pump within your control at all times whenever possible.
Do not share your pump serial number.
Be attentive to pump notifications, alarms, and alerts.
Monitor your blood glucose levels closely and act appropriately.
Immediately cancel any unintended boluses.
Connect your Medtronic insulin pump to other Medtronic devices and software only.
Disconnect the USB device from your computer when you are not using it to download data from your pump.

Get medical help right away if you:

Have symptoms of severe hypoglycemia (such as excessive sweating, feeling very tired, dizzy and weak, being pale, and a sudden feeling of hunger).
Have symptoms of diabetic ketoacidosis (such as excessive thirst, frequent urination, nausea and vomiting, feeling very tired and weak, shortness of breath).
Think your insulin pump settings or insulin delivery changed unexpectedly.

Recommendations for Health Care Providers

Review the “Important Recommendations for People who have Diabetes and their Caregivers” section of this communication with patients who have affected devices.

Potential Cybersecurity Risks Associated with Certain Medtronic MiniMed Pumps

The FDA has become aware that an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities. This person could change the pump’s settings to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.

Medtronic cannot update the MiniMed™ 508 and Paradigm™ insulin pump models to address these potential cybersecurity risks. As a result, the FDA recommends patients replace affected pumps with models that are better equipped to protect them from these risks. To date, the FDA is not aware of any reports of patient harm related to these potential cybersecurity risks.

For more information see:

FDA Actions

The FDA has worked to assure Medtronic addresses this cybersecurity issue, including disclosing this information to the public and helping patients replace their affected insulin pump models with newer models. The FDA will keep the public informed if significant new information becomes available.

Reporting Problems with Your Device

If you think you have had a problem with your device, the FDA encourages you to report the problem through the MedWatch Voluntary Reporting Form.

Michael Aviad

Michael Aviad is co-founder of ASweetLife. He was diagnosed with type 1 diabetes in 2002. Michael was born in Santa Barbara and grew up in Jerusalem. He studied law and after passing his bar exam went on to get an MBA with a major in finance. Michael worked for many years as an economist. He and his wife Jess, also a type 1 diabetic, have three sons. Michael loves to run and is always training for the next marathon.

Michael Aviad

Michael Aviad is co-founder of ASweetLife. He was diagnosed with type 1 diabetes in 2002. Michael was born in Santa Barbara and grew up in Jerusalem. He studied law and after passing his bar exam went on to get an MBA with a major in finance. Michael worked for many years as an economist. He and his wife Jess, also a type 1 diabetic, have three sons. Michael loves to run and is always training for the next marathon.

0 0 votes

Article Rating

1 Comment

newest

oldest most voted

Inline Feedbacks

View all comments

Bernard Farrell

5 years ago

The cynic in me says that this recall is because of the success of Loop-ing and other software being used to control pumps via algorithms. The ‘flaw’ is what allows the software to control the pump and it’s been well known for MANY years. This recall will make it harder for folks to find used pumps they can control. In the end it may backfire on Medtronic as the other pump that can currently be controlled in the OmniPod. I’m currently considering moving to OmniPod just so I can Loop. I’ve been arguing for many years for pump makers to… Read more »