Security News

Insulin Pumps Left Open to 'Potentially Life-Threatening' Cyber Attack

The Food and Drug Administration (FDA) has issued an emergency alert, warning that Medtronic MiniMed insulin pumps are vulnerable to potentially life-threatening cyberattacks.

"The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump's settings, allowing them to either deliver too much insulin, or not enough, with potentially fatal results for patients," said the FDA in a June 27 statement.

The pumps have no update mechanism, so Medtronic is unable to update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the vulnerabilities. The FDA said they are working to assure that Medtronic addresses this cybersecurity issue, including helping patients with affected insulin pumps switch to newer models with better cybersecurity controls.

"The risk of patient harm if such a cybersecurity vulnerability were left unaddressed is significant," said Suzanne Schwartz, MD, MBA, Director, Office of Strategic Partnerships and Technology Innovation at the FDA. "The safety communication ... contains recommendations for what actions patients and healthcare providers should take to avoid the risk this vulnerability could pose. Any medical device connected to a communications network, like Wi-Fi, or public or home Internet, may have cybersecurity vulnerabilities that could be exploited by unauthorized users."

The FDA was not aware of any confirmed reports of patient harm related to these potential cybersecurity risks.

Read the FDA's findings HERE.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts