FDA warns thousands of wireless insulin pumps can be hacked

The Food and Drug Administration has alerted the public to a new recall from Medtronic concerning the maker's MiniMed insulin pumps. According to the company, some of these MiniMed pumps have a critical cybersecurity issue that cannot be patched, leaving them permanently vulnerable to hackers who wirelessly access them. These recalled pumps were sold in the United States and internationally.

Medtronic announced the recall of thousands of MiniMed and Paradigm insulin pumps on June 27, revealing the discovery of a 'potential cybersecurity risk.' According to the company, these insulin pump models featuring wireless RF connectivity can possibly be accessed by hackers who have the right skills and equipment.

If this happens, the hacker may be able to wirelessly change the settings and the amount of insulin delivered to the individual using the pump. Doing this could result in serious, life-threatening consequences for the user, including the potential of developing diabetic ketoacidosis. Around 4,000 patients in the US may be using these recalled pumps.

Fortunately, there have been no confirmed reports of this type of hack taking place. Medtronic says the vulnerability was discovered by security researchers. Patients located in the US and abroad are warned to talk to their doctor about getting a different device.

The best course of action is replacing the vulnerable device, but Medtronic also provides precautions for patients who must continue using their pump until a different model can be acquired. This includes keeping the device's serial number private, not connecting to any third-party software or hardware, and disconnecting the related CareLink USB device from a computer when it isn't being used.

The following models have been recalled:

- MiniMed 508: All versions

- MiniMed Paradigm 511: All versions

- MiniMed Paradigm 512/712: All versions

- MiniMed Paradigm 515/715: All versions

- MiniMed Paradigm 522/722: All versions

- MiniMed Paradigm 522K/722K: All versions

- MiniMed Paradigm 523/723: Version 2.4A or lower

- MiniMed Paradigm 523K/723K: Version 2.4A or lower

- MiniMed Paradigm 712E: All versions

- MiniMed Paradigm Veo 554CM/754CM: Version 2.7A or lower

- MiniMed Paradigm Veo 554/754: Version 2.6A or lower

Pump owners can contact Medtronic with any questions related to the recall.