The Food and Drug Administration (FDA) on June 27 alerted health care providers to a recall of 11 Medtronic MiniMed insulin pump models due to cybersecurity risks.
Because of security vulnerabilities, an unauthorized person potentially could wirelessly connect to a nearby MiniMed insulin pump and change the pump settings. The unauthorized user could overdeliver insulin to a patient, leading to hypoglycemia, or stop insulin delivery, causing high blood sugar and diabetic ketoacidosis.
FDA advises patients to follow Medtronic’s instructions to identify their insulin pump’s software version and ask their health care provider for a prescription to switch to a model with stronger cybersecurity protections. To minimize the risk of a cybersecurity attack in the meantime, FDA advises patients to:
- keep their insulin pumps and connected devices within their control at all times;
- avoid sharing their pump serial number;
- pay attention to pump notifications, alarms, and alerts;
- monitor blood glucose levels closely;
- cancel immediately any unintended boluses;
- connect their Medtronic insulin pump only to other Medtronic devices and software; and
- disconnect the USB device from their computer when not in use.
FDA advises providers to report adverse reactions or quality problems associated with the affected products to the agency’s MedWatch Safety Information and Adverse Event Reporting Program. For more information about replacing a pump, contact Medtronic at 1.866.222.2584.
Contact Senior Director of Policy Erin O’Malley at firstname.lastname@example.org or 202.585.0127 with questions.