advertisement
advertisement
advertisement

FDA warning: Medtronic MiniMed insulin pumps could be hijacked by hackers

FDA warning: Medtronic MiniMed insulin pumps could be hijacked by hackers
[Photo: Flickr user Alan Levine]

The Food and Drug Administration has issued an urgent warning to users of certain Medtronic MiniMed insulin pumps to cease using them immediately due to fears they are vulnerable to cyberattacks. The FDA fears that a hacker could wirelessly connect to the devices and alter the dose of insulin given to users—a potentially fatal attack.

The risk comes from a vulnerability in the wireless connection between select Medtronic devices and the remote controller and CareLink USB device that allows users to interact with the Medtronic pumps. As the FDA explains:

The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings. This could allow a person to over deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids in the blood).

Here are the models of Medtronic MiniMed that are susceptible to the attack:

  • MiniMed 508 (all versions of the device)
  • MiniMed Paradigm 511 (all versions of the device)
  • MiniMed Paradigm 512/712 (all versions of the device)
  • MiniMed Paradigm 515/715 (all versions of the device)
  • MiniMed Paradigm 522/722 (all versions of the device)
  • MiniMed Paradigm 522K/722K (all versions of the device)
  • MiniMed Paradigm 523/723 (version 2.4A or lower)
  • MiniMed Paradigm 523K/723K (version 2.4A or lower)
  • MiniMed Paradigm 712E* (all versions of the device)
  • MiniMed Paradigm Veo 554CM/754CM* (version 2.7A or lower)
  • MiniMed Paradigm Veo 554/754* (version 2.6A or lower)

The FDA notes that as of now, no attackers are known to have taken advantage of the flaw in the Medtronic devices. However, the agency is warning all users to call Medtronic at 1-866-222-2584 or go to Medtronic’s website to get a replacement pump with enhanced cybersecurity protections ASAP.

You can read the FDA’s full warning about the Medtronic cyberthreat here.

advertisement
advertisement