Serviceteam IT Security News
The U.S. Food and Drug Administration (FDA) is warning patients and healthcare providers that some insulin pumps carry cybersecurity risks.

In an alert published on June 27 2019, the FDA said that certain Medtronic MiniMed™ insulin pumps carry potential cybersecurity risks and that patients with diabetes using these models should switch their insulin pump to other models.

The alert says: “The FDA has become aware that an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities.” The alert goes onto say that a person could change a pump’s settings to either “over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.” Both are life-threatening.

According to the FDA website, Medtronic cannot update the MiniMed™ 508 and Paradigm™ insulin pump models to address these potential cybersecurity risks, meaning that patients are advised to replace affected pumps with models that are better equipped to protect them from these risks.

Medtronic was founded in 1949 as a medical equipment repair shop, which evantually went on to create a wearable, battery-powered cardiac pacemaker. The company is recalling the following affected MiniMed pumps and providing alternative insulin pumps to patients:

  • MiniMed™ 508, All versions
  • MiniMed™ Paradigm™ 511, All versions
  • MiniMed™ Paradigm™ 512/712, All versions
  • MiniMed™ Paradigm™ 515/715, All versions
  • MiniMed™ Paradigm™ 522/722, All versions
  • MiniMed™ Paradigm™ 522K/722K, All versions
  • MiniMed™ Paradigm™ 523/723, Version 2.4A or lower
  • MiniMed™ Paradigm™ 523K/723K, Version 2.4A or lower
  • MiniMed™ Paradigm™ 712E*, All versions
  • MiniMed™ Paradigm™ Veo 554CM/754CM*, Version 2.7A or lower
  • MiniMed™ Paradigm™ Veo 554/754*, Version 2.6A or lower

This recall follows a report made by Siemplify last week that found that healthcare companies lacked maturity when it came to cybersecurity. The report was based on a survey of more than 250 security operations practitioners working at enterprises and managed security service providers (MSSPs).

To date, the FDA is not aware of any reports of patient harm related to these potential cybersecurity risks.

*Denotes patients are affected outside of the US.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!