Medtronic Issues Corrective Actions for Insulin Pumps Vulnerable to Hacking


Medtronic on Tuesday began alerting patients to a technological weakness in its MiniMed 600-series insulin pumps that leaves them vulnerable to hacking, the latest in a series of problems for the device and the company’s diabetes business.

The U.S. Food and Drug Administration (FDA) issued a statement on the potential cybersecurity vulnerability, and Medtronic sent out instructions on how to fix the issue in an Urgent Medical Device Correction Notice. This type of notification meets the agency’s definition of a recall, but does not require patients to return the product or discontinue use.

If a person gains unauthorized access to one of the pumps, they could tamper with the pump’s insulin delivery. Exploiting the device’s weakness would require a person to be in close physical proximity to a patient while the pump wirelessly pairs with other system components, such as the blood glucose meter.

According to Medtronic, it is impossible for anyone to gain unauthorized access to the pump over the internet.

The issue was discovered during internal testing, but neither Medtronic nor the FDA are aware of any instances of unauthorized access.

The diabetes division, Medtronic’s smallest division, has suffered a series of setbacks of late. Last December, the FDA issued a warning letter to Medtronic about how the diabetes department handled complaints, assessed product risks, and handled recalls.

In a results call last month, Medtronic CEO Geoff Martha said the company has “completed more than 90% of the actions we have committed to the FDA” in response to the warning letter.

Medtronic spokeswoman Pamela Reese said the company’s recent notification of the pumps was unrelated to any issues raised in last year’s warning letter.

The company began notifying U.S. patients on Tuesday and would soon reach out to those in other countries, she said. Medtronic was unable to provide the total number of devices affected by the most recent recall.

In October 2021, Medtronic expanded a previous recall of its 600 series insulin pumps to replace any devices with a clear retaining ring that could potentially result in the delivery of incorrect insulin doses. The new pumps all have updated black retaining rings.

Medtronic first disclosed the problem with the locking ring in November 2019, but did not offer replacement pumps at the time. Instead, the company first advised patients to inspect their pumps for damage to the retaining ring and to contact the company if the ring is loose, damaged, or missing.


About Author

Comments are closed.