Medtronic—Various MiniMed Insulin Pumps: May Have Cybersecurity Vulnerabilities

ECRI Institute's complete weekly summary of medical device hazard and recall information is available in ECRI Institute's Health Device Alerts. For more information contact us at clientservices@ecri.org.

In a June 27, 2019, Safety Communication, FDA states that an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities. This person could change the pump's settings to either overdeliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis. Health Canada states that the settings could be only altered by an unauthorized person if they know the serial number of the specific pump and can connect wirelessly nearby and if they have the necessary technical skills, the correct radio-frequency equipment, and the malicious intent to perform the hack. FDA, Health Canada, and Medtronic have received no reports...