TUESDAY, September 20, 2022 (HealthDay News) — The U.S. Food and Drug Administration is warning patients using a certain insulin pump system that unauthorized persons could access it and alter the amount of insulin a patient is receiving.
The pump at the center of the FDA alert is the Medtronic MiniMed 600 Series Insulin Pump System, including models like the MiniMed 630G and MiniMed 670G.
Components such as the insulin pump, continuous glucose monitoring (CGM) transmitter, blood glucose meter, and CareLink USB device communicate wirelessly, the FDA noted. A device problem could result in someone breaking in and the pump delivering too much or too little insulin to the patient.
For this cybersecurity breach to occur, an unauthorized person would need to gain nearby access to a pump while it is being paired with other system components. No one reported this happening, the FDA noted.
“For unauthorized access to occur, someone nearby other than you or your caregiver would need to have access to your pump at the same time as the pump is paired with other system components,” Medtronic said in an urgent alert. The company emphasized that this type of access “cannot be done over the Internet”.
Medtronic issued the alert to inform users of this risk and make recommendations. The company is working with the FDA to identify, communicate, and prevent this cybersecurity issue.
It states that patients should turn off the “Remote Bolus” feature on their pump, which is on by default. Additionally, Medtronic said patients should make all device connection links in a non-public space.
Patients should also disconnect the USB device from their computer when not in use to download pump data, and should never acknowledge remote connection requests or other remote actions unless initiated by patients or care partners, the company added.
While medical devices often connect to the internet, hospital networks, and other devices, those same capabilities pose potential cybersecurity risks, the FDA noted.
“Medical devices, like other computer systems, can be vulnerable to security breaches that potentially compromise the safety and effectiveness of the device,” the FDA warning said.
For more information on this cybersecurity vulnerability, insulin pump system users should contact Medtronic at 800-646-4633. Choose option 1.
The American Diabetes Association has more on insulin pumps.
SOURCE: US Food and Drug Administration, press release, September 20, 2022