On June 27th, 2019, the FDA announced that medical device company Medtronic would be recalling its MiniMed™ 508 insulin pump and MiniMed™ Paradigm™ Series insulin pump models due to their vulnerability to hacking. It was found that the pumps could not be updated in order to correct the issue, so they will need to be replaced with less vulnerable models where possible.
The FDA and security companies have known for a while that there were likely going to be issues when designers began making insulin pumps that could connect wirelessly to glucose meters, monitoring systems, and other devices. Flaws in the devices’ firmware leave a gap in security that allows hackers to take control of the device and change its settings, which could have catastrophic repercussions for people with insulin-dependent diabetes. The issue has even been called the “next big security nightmare.”
Wireless medical devices, which also include pacemakers and cardiac defibrillators, affect the security and health of not only the person using the device but also the hospitals and health centers where these devices are frequently used and their patients. A breach in security of these medical devices could lead to stolen medical records, loss of important data, hospital network shutdowns, and ransomware attacks. Ransomware blocks users’ access until they pay the “ransom” amount.
Medtronic has sent letters to more than 4,000 customers currently using one of the recalled pumps, instructing them to contact their physician and discuss upgrading to a newer device. However, this may not be an option for all users, and it will take time for all the affected pumps to be switched out.
Those who decide to stay with a recalled device or are waiting for their new device should ensure that they are always in control of all their medical devices and should keep important information like device serial numbers private. Users should never deliberately connect with third parties they do not know, and they should disconnect the device’s USB from their computer when not downloading data from their insulin pump.
All patients currently using Medtronic’s MiniMed™ 508 insulin pump or MiniMed™ Paradigm™ Series insulin pump are instructed to closely monitor their blood sugar levels and the settings on their devices for the time being and pay attention to any alarms or notifications. If there is any evidence of someone tampering with your device or if you experience symptoms of hyper- or hypoglycemia, seek medical help right away.
You can contact Medtronic toll-free at 866-222-2584 or go online at info.medtronicdiabetes.com/legacyexchange to learn more about this issue and find out how to exchange your recalled insulin pump. You can report a problem with your pump via the MedWatch Voluntary Reporting Form.
At this time, there have been no security breaches reported on the recalled insulin pumps or other wireless medical devices. Other Medtronic insulin pump models have not been affected by this issue.
Elizabeth Nelson is a wordsmith, an alumna of Aquinas College in Grand Rapids, a four-leaf-clover finder, and a grammar connoisseur. She has lived in west Michigan since age four but loves to travel to new (and old) places. In her free time, she. . . wait, what’s free time?