Medtronic recalls vulnerable MiniMed insulin pumps

  • Medtronic recalls vulnerable MiniMed insulin pumps

Medtronic recalls vulnerable MiniMed insulin pumps

Medtronic India said it has started notifying customers of a potential cybersecurity risk in the MiniMed 508 and MiniMed Paradigm series of insulin pumps.

Certain pumps from Medtronic Mini-Med were recalled for a potential cybersecurity risks.

In its warning, the FDA noted that these devices pose the risk of someone nearby connecting wirelessly and then potentially hacking into the devices.

These commands can, for instance, tell the pump to inject too much insulin, causing the patient to suffer hypoglycemia and pass out or enter a seizure, or too little insulin and cause the patient to develop serious life-threatening ketoacidosis.

Eli Lilly reported this week that a higher weekly dose of dulaglutide (Trulicity) - at 3 mg or 4.5 mg - outperformed the lower 1.5-mg dose for reducing A1c levels, in topline results from the AWARD-11 trial.

"The risk of patient harm if such a vulnerability were left unaddressed is significant", the FDA said. The pump's data can also be uploaded to a computer and sent to the patient's doctor.

But, she added that "out of an abundance of caution, it is clearly better for the FDA to take a proactive approach and recall Medtronic's more vulnerable pumps".

It's interesting to note that numerous vulnerable Medtronic MiniMed insulin pumps are highly prized by diabetes sufferers because they have a security flaw that allows them to modify the firmware.

According to the FDA press release, the company has been unable to adequately update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the devices' vulnerabilities; FDA is working with the company to address the issue and help patients switch to new models.

MiniMed 508 and Paradigm devices may be vulnerable to hacking.

Blood glucose meters for diabetes topped the list of device malfunction and incidents in the FDA's once-hidden "alternative summary" reporting database, with 2.4 million reports over the past 2 decades. "This is part of the FDA's overall effort to collaborate with manufacturers and health care delivery organizations-as well as security researchers and other government agencies-to develop and implement solutions to address cybersecurity issues throughout a device's total product lifecycle", said Suzanne Schwartz, M.D., MBA, deputy director of the Office of Strategic Partnerships and Technology Innovation and acting division director for All Hazards Response, Science and Strategic Partnerships in the FDA's Center for Devices and Radiological Health in a statement.

"Additionally, Medtronic will be sending a letter to all patients who are current known users of these pumps further detailing the risks and defensive measures".