
Insulin Pumps Left Open to 'Potentially Life-Threatening' Cyber Attack

Giulio Saggin
Tuesday 28 November 2023

The Food and Drug Administration (FDA) has issued an emergency alert, warning that Medtronic MiniMed insulin pumps are vulnerable to potentially life-threatening cyberattacks.

"The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump's settings, allowing them to either deliver too much insulin, or not enough, with potentially fatal results for patients," said the FDA in a June 27 statement.

The pumps have no update mechanism, so Medtronic is unable to update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the vulnerabilities. The FDA said it is working to ensure that Medtronic addresses this cybersecurity issue, including by helping patients with affected insulin pumps switch to newer models with better cybersecurity controls.

"The risk of patient harm if such a cybersecurity vulnerability were left unaddressed is significant," said Suzanne Schwartz, MD, MBA, Director, Office of Strategic Partnerships and Technology Innovation at the FDA. "The safety communication ... contains recommendations for what actions patients and healthcare providers should take to avoid the risk this vulnerability could pose. Any medical device connected to a communications network, like Wi-Fi, or public or home Internet, may have cybersecurity vulnerabilities that could be exploited by unauthorized users."

The FDA was not aware of any confirmed reports of patient harm related to these potential cybersecurity risks.

Read the FDA's findings.

© 2024 SecAlerts Pty Ltd.