The U.S. Food and Drug Administration is warning patients who use a particular insulin pump system that unauthorized people could access it and change how much insulin a patient receives.
The pump at the center of the FDA alert is the Medtronic MiniMed 600 Series Insulin Pump System, including models such as MiniMed 630G and MiniMed 670G.
Components such as the insulin pump, continuous glucose monitoring (CGM) transmitter, blood glucose meter and CareLink USB device communicate wirelessly, the FDA noted. An equipment issue may allow someone to break in and cause the pump to deliver too much or too little insulin to the patient.
For this cybersecurity breach to happen, an unauthorized person nearby would need to gain access to a pump as it is pairing with other system components. No one has reported that this has happened, the FDA noted.
“For unauthorized access to occur, a nearby person other than you or your care partner would need to gain access to your pump at the same time that the pump is being paired with other system components,” Medtronic said in an urgent warning. The company stressed that this type of access “cannot be done over the Internet.”
Medtronic issued the warning to inform users about this risk and make recommendations. The company is working with the FDA to identify, communicate and prevent this cybersecurity issue from happening.
It said patients should turn off the “Remote Bolus” feature on their pump, which is turned on by default. In addition, Medtronic said patients should do any connection linking of devices in a non-public space.
Patients should also disconnect the USB device from their computer when it is not being used to download pump data and should never confirm remote connection requests or other remote actions unless patients or care partners initiated them, the company added.
While medical devices are often connected to the internet, hospital networks and other devices, these same features pose potential cybersecurity risks, the FDA noted.
“Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device,” the FDA alert said.
For more information about this cybersecurity risk, users of the insulin pump system should reach out to Medtronic at 800-646-4633. Choose option 1.
The American Diabetes Association has more on insulin pumps.
SOURCE: U.S. Food and Drug Administration, news release, Sept. 20, 2022