June 28, 2019 -- The FDA has recalled certain Medtronic MiniMed insulin pumps because there’s a risk of them being hacked, the agency said.
The recall affects Medtronic's MiniMed 508 and MiniMed Paradigm series insulin pumps. The FDA recommends that patients using these models switch their pump to models that are better equipped to protect against these risks.
"While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant," Suzanne Schwartz, MD, of the FDA's Center for Devices and Radiological Health, said in a statement.
The cybersecurity risks found in the device mean that someone other than a patient, caregiver, or health care provider could connect wirelessly to a nearby MiniMed insulin pump and change the pump's settings, the FDA warns. This could allow a person to deliver too much insulin to a patient, leading to hypoglycemia, or to stop insulin delivery, leading to hyperglycemia and diabetic ketoacidosis.
Medtronic can't update the MiniMed 508 and Paradigm insulin pumps well enough with any software or patch to address the devices' risks, the FDA says.
Medtronic has identified 4,000 patients in the United States who could be using the recalled insulin pumps that are vulnerable to this issue. The company is working with its distributors to identify other patients who might be using these pumps. Medtronic is giving patients other insulin pumps that have better cybersecurity, and the company sent a letter to them explaining the issue.
"The FDA urges manufacturers everywhere to remain vigilant about their medical products -- to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them," Schwartz said.
In March, the FDA warned about cybersecurity risks in Medtronic's implantable cardiac devices and telemetry systems.