Medtronic MiniMed Recall Issued Over Insulin Pump Cybersecurity Risks

About 1,000 Medtronic MiniMed insulin pumps are being recalled, due to a lack of cybersecurity protocols, which could allow hackers to change settings and alter patient insulin doses, potentially resulting in serious and life threatening health consequences.

The Medtronic MiniMed recall was announced by the FDA on November 5, indicating that the insulin pumps have a wireless communication system used to control insulin doses, which may be susceptible to hacking.

The recalled insulin pumps are small, computerized devices that deliver insulin to diabetic patients throughout the day, via a catheter implanted under the skin. The devices are wirelessly connected to both the patient’s blood glucose meter and a monitoring system to track glucose levels, as well as a remote controller that is designed to communicate with the pump and deliver a specific amount of insulin.

According to the recall notice, communication between the Medtronic MiniMed series pumps and the remote controller could be hacked, allowing someone other than the patient, caregiver, or healthcare provider to change the settings, which could be life threatening for a patient.

If a diabetic patient is given too much insulin, it could result in the development of severe hypoglycemia. If a patient does not receives an under dose of insulin is could lead to high blood sugar and diabetic ketoacidosis.

The recall includes approximately 1,117 MiniMed 500 Remote Control and 503 Remote Transmitters manufactured by Medtronic and distributed for sale from August 6, 1999 through July 24, 2018.

Medtronic is instructing patients to talk with their healthcare provider about a prescription to switch to different insulin pump model with better cybersecurity protocols. Patients are being directed not to switch insulin delivery systems without first consulting with their doctor first, as this could result in severe or life threatening adverse health consequences.

The device manufacturer recommended patients consult with their health care physician immediately if they have symptoms of severe hypoglycemia such as excessive sweating, feeling very tired, dizzy and weak, being pale, and a sudden feeling of hunger, have symptoms of diabetic ketoacidosis such as excessive thirst, frequent urination, nausea and vomiting, feeling very tired and weak, shortness of breath, or think your insulin pump settings or insulin delivery changed unexpectedly.

Medtronic has faced cybersecurity vulnerabilities across several devices in recent years. In June, Medtronic issued another recall of the Medtronic MiniMed 508 pump and MiniMed Paradigm series insulin pumps due to similar cybersecurity risks.

The FDA has also previously issued a safety communication about vulnerabilities with Medtronic ICDs or cardiac resynchronization therapy defibrillators (CRT-Ds), after discovering the wireless telemetry system used to communicate and alter the implanted devices could be hacked due to a lack of security protocols.

Late last year in October 2018, Medtronic issued an Urgent Medical Device Correction to physicians, notifying them that more than 34,000 implantable pacemakers were vulnerable to hacking. Medtronic disconnected the devices from internet access for software updates as a result.

Patients with additional questions or concerns regarding the most recent recall are encouraged to contact the 24-hour Medtronic Technical Support at 800-646-4633.