Some older insulin pumps are being recalled in the US because their wireless communications could be vulnerable to hacking.
The FDA has warned that Medtronic’s MiniMed 508 and Paradigm series insulin pumps might be potential cybersecurity risks.
“The FDA has become aware that an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities,” the FDA said in a safety communication.
“This person could change the pump’s settings to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.”
However the FDA was unaware of any harm related to the potential cybersecurity threat.
Professor Greg Johnson, CEO of Diabetes Australia told the limbic the FDA alert referred to older models of insulin pumps that were between 6 and 12 years old and therefore unlikely to affect many Australians.
“Very few people would still be using these pumps as most would have upgraded to a newer pump,” he said.
“If someone is using one of these pumps and is concerned that it may be vulnerable to being hacked, we encourage them to talk to the device manufacturer or their diabetes healthcare team.”
He noted the TGA has not issued any local alert or recall on the pumps.
The FDA said Medtronic was recalling the affected MiniMed pumps and providing alternatives to patients.
To minimise the chance of being hacked while waiting for a replacement pump, the FDA recommended patients:
- keep insulin pumps and devices that are connected to the pump within their control at all times whenever possible.
- not share pump serial numbers
- be attentive to pump notifications, alarms, and alerts
- monitor blood glucose levels closely and act appropriately
- immediately cancel any unintended boluses
- connect their Medtronic pump only to other Medtronic devices and software
- disconnect USB devices from a computer when not being used to download data from the pump.