Certain Insulin Pumps Recalled Due to Cybersecurity IssuesFDA Warns Patients About Medtronic's Voluntary Recall of Some Wireless Pumps
In a rare move, the Food and Drug Administration on Thursday warned patients and healthcare providers that medical device manufacturer Medtronic has issued a voluntary recall of certain wireless insulin pumps due to cybersecurity vulnerabilities that cannot be adequately patched and therefore pose safety concerns.
"While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant," says Suzanne Schwartz, M.D., deputy director of the FDA's office of strategic partnerships and technology innovation.
The FDA has issued warnings about voluntary medical device recalls due to cybersecurity issues in only a handful of instances.
In a statement, the FDA says it is warning patients and healthcare providers that certain Medtronic MiniMed insulin pumps have potential cybersecurity risks. "Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks," the FDA says.
The potential risks are related to the wireless communication between Medtronic's MiniMed insulin pumps and other devices such as blood glucose meters, continuous glucose monitoring systems, the remote controller and CareLink USB device used with these pumps, the FDA warns.
"The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or healthcare provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump's settings. This could allow a person to over deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids in the blood)," the agency's statement says.
Schwartz notes: "The FDA urges manufacturers everywhere to remain vigilant about their medical products, to monitor and assess cybersecurity vulnerability risk and to be proactive about disclosing vulnerabilities and mitigations to address them."
Any medical device connected to a communications network, such as Wi-Fi or the internet, may have cybersecurity vulnerabilities that could be exploited by unauthorized users, the FDA notes.
Thousands of Affected Patients
The recalled pumps are Medtronic's MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps.
Medtronic is providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities, the FDA reports.
In the U.S., Medtronic has identified 4,000 patients who are potentially using insulin pumps that are vulnerable to this issue. In addition, Medtronic is working with distributor partners to identify additional patients potentially using these pumps, the FDA says.
In a statement provided to Information Security Media Group, the FDA says: "Medtronic is unable to adequately update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the devices' vulnerabilities. The FDA is working to assure that Medtronic addresses this cybersecurity issue, including helping patients with affected insulin pumps switch to newer models with better cybersecurity controls. The FDA will keep the public informed if significant new information becomes available."
Medtronic, which issued a statement about the issue, says it has begun sending letters to affected patients.
In its letters to impacted patients, Medtronic says: "Due to this potential cybersecurity issue, we recommend that you speak with your healthcare provider about changing to a newer model insulin pump with increased cybersecurity protection, such as the MiniMed 670G insulin pump."
The Department of Homeland Security's Industrial Control Systems Computer Emergency Response Team issued its own alert about the Medtronic pumps' "improper access control vulnerability," which it notes was identified by independent security researchers.
In its alert, DHS notes: "The affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery."
Risk Mitigation Steps
To minimize the potential risk of a cybersecurity attack while awaiting a replacement pump, the FDA and Medtronic are instructing patients to:
- Keep their insulin pump and the devices that are connected to the pump within their control at all times;
- Avoid sharing the pump serial number with anyone;
- Be attentive to pump notifications, alarms and alerts;
- Monitor their blood glucose levels closely and act appropriately;
- Immediately cancel any unintended boluses (dosing commands);
- Connect their Medtronic insulin pump only to other Medtronic devices and software;
- Disconnect the USB device from their computer when not using it to download data from their pump.
The FDA in its warning notes that the affected Medtronic devices wirelessly connect to both the patients' blood glucose meter - which measures a patient's blood glucose levels at one point in time - and continuous glucose monitoring system - a sensor and transmitter that track a patient's glucose levels throughout the day.
"The remote controller and CareLink USB, a thumb-sized wireless device that plugs into a computer, are used with the affected insulin pumps," the FDA notes. "A patient can use the remote controller to send insulin bolus (dosing) commands to the insulin pump remotely and can use the CareLink USB to download data about their glucose levels from their insulin pump to monitor their own progress and share it with their healthcare provider."