Medtronic Recalls Some Insulin Pumps as FDA Warns They Could Be Hacked

By Serena Gordon HealthDay ReporterFRIDAY, June 28, 2019 (HealthDay News) -- The U.S. Food and Drug Administration announced Thursday that some high-tech insulin pumps made by Medtronic are being recalled for potential cybersecurity risks that could leave them vulnerable to hacking. "An unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery," Medtronic said in a letter it sent to patients.

Altered insulin delivery could lead to dangerously high or low blood sugar levels, the company noted.

Related Articles

It sounds like the plot of a crime thriller, but both the FDA and Medtronic said there are no known cases yet of someone hacking an insulin pump.

Dr. Caroline Messer is an endocrinologist at Lenox Hill Hospital in New York City. She said it's pretty hard to "imagine cyberterrorists plotting the deaths of patients with diabetes by manipulating the inputs in their insulin pumps."

But, she added that "out of an abundance of caution, it is clearly better for the FDA to take a proactive approach and recall Medtronic's more vulnerable pumps."

Remote monitoring tools. At the end of 2012, 2.8 million patients worldwide were using a home monitoring system, according to a Research and Markets report. Monitoring patients' health at home can reduce costs and unnecessary visits to a physician's office. Mr. Higman offers the example of a cardiac cast with a pacemaker automatically transmitting data to a remote center. "If there's something wrong for a patient, they can be contacted," he says. "It's basically allowing other people to monitor your health for you. It may sound invasive but is great for patients with serious and chronic illnesses."

Dr. Joel Zonszein, director of the Clinical Diabetes Center at Montefiore Medical Center in New York City, agreed. He said that "cybersecurity vulnerabilities are a 'side-effect' of devices, and as is done with medications, we need to balance the benefits and harms."

People with diabetes use insulin pumps -- compact computerized devices -- to deliver insulin throughout the day via a small tube inserted underneath the skin. The affected devices connect wirelessly to a patient's blood sugar meter and to a continuous glucose monitor, which tracks a patient's blood sugar level throughout the day. The pump's data can also be uploaded to a computer and sent to the patient's doctor.

The potentially vulnerable insulin pumps include Medtronic's:

  • Minimed 508 (All software versions)
  • MiniMed Paradigm (All software versions for 511, 512, 712, 712E, 515, 715, 522, 722, 522K, 722K)
  • MiniMed Paradigm (Software versions 2.4A or lower for 523, 723, 523K, 723K)
  • MiniMed Paradigm Veo (Software version 2.6A and lower for 554, 754)
  • MiniMed Paradigm Veo (Software version 2.7A and lower for 554CM, 754CM)
Medtronic said customers in the United States should speak with their health care providers about switching to a newer model insulin pump, because they have increased cybersecurity. The cost of any upgrade will depend on the patient's insurance coverage, the company noted. Until the end of 2019, Medtronic is also offering users of recalled pumps -- for a $399 discounted price -- an exchange to a newer, safer model from the company.

Telemedicine/telehealth. Studies consistently show the benefit of telehealth, especially in rural settings that do not have access to the same resources metropolitan areas may have. A large-scale study published in CHEST Journal shows patients in an intensive care unit equipped with telehealth services were discharged from the ICU 20 percent more quickly and saw a 26 percent lower mortality rate than patients in a regular ICU. Adam Higman, vice president of Soyring Consulting in St. Petersburg, Fla., says while telemedicine is not necessarily a new development, it is a growing field, and its scope of possibility is expanding.

More recent Medtronic insulin pumps, such as the MiniMed 620G, 630G, 640G and 670G, are not affected by this vulnerability, according to Medtronic. Zonszein believes that a vulnerability to hacking likely isn't limited to the recalled devices. He noted that there are a number of people who have created do-it-yourself automated insulin pumps that aren't regulated by the FDA. Because information to create these DIY systems is shared online, these devices could also be at risk, Zonszein said.

He believes health care providers also need to be careful with the information they gather from patients' pumps. Proper firewalls are needed to maintain safety, confidentiality and privacy, according to Zonszein.

Read more about the recall on Medtronic's website .

Study finds closed-loop insulin delivery system improves glycaemic control
Study finds closed-loop insulin delivery system improves glycaemic control
One in four patients say they've skimped on insulin because of high cost
One in four patients say they've skimped on insulin because of high cost
How well can H7N9 and H5N8 genetically mix with a seasonal strain?
How well can H7N9 and H5N8 genetically mix with a seasonal strain?
An artificial pancreas has just made giving birth safer for diabetic women
An artificial pancreas has just made giving birth safer for diabetic women
Insulin discovery a game-changer for improving diabetes treatments
Insulin discovery a game-changer for improving diabetes treatments
Changing climate may affect animal-to-human disease transfer
Changing climate may affect animal-to-human disease transfer