Cybersecurity warning issued for certain insulin pumps

The risks are related to the pumps' wireless communication with other devices, such as blood glucose meters and continuous glucose monitoring systems.


Certain models of the MiniMed insulin pump were recalled by Medtronic due to potential cybersecurity risks, the FDA warned on June 27. About 4,000 U.S. patients may be affected.

The risks are related to the pumps' wireless communication with other devices, such as blood glucose meters and continuous glucose monitoring systems. Due to the identified vulnerabilities, an individual could potentially connect wirelessly to a nearby insulin pump and change its settings.

Because the manufacturer cannot update the MiniMed 508 and MiniMed Paradigm series insulin pump models, patients using them should switch to a model with more cybersecurity protection, the FDA recommended. After the recall, the manufacturer provided patients with alternative insulin pumps that have enhanced cybersecurity capabilities.

While waiting for a replacement pump, patients should try to keep their pump and connected devices within their control at all times, the FDA said. To date, the agency is not aware of reports of patient harm related to these cybersecurity risks. A list of affected pumps is available at this link.