FDA recalls certain models of insulin pumps for cybersecurity risks
When you think of cybersecurity threats, you might not think of insulin pumps as a potential target. As alternatives to periodic insulin injections, these tiny computer-controlled devices deliver insulin to patients with type 1 or type 2 diabetes in smaller doses throughout the day.
The U.S. Food and Drug Administration’s vigilance, however, might have life-saving consequences. The agency announced this week that certain Medtronic MiniMed insulin pumps are being recalled due to potential cybersecurity risks and urged patients who are using these models to seek more secure treatment options. So far, the FDA has no knowledge of patient harm related to these potential cybersecurity risks.
Vulnerabilities found in the wireless communication between Medtronic's MiniMed insulin pumps and other devices led to the recall. The agency saw the potential for the technology to allow someone other than a patient, caregiver or health care provider to connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings. As the report explains, this creates an opportunity for a person to over deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids in the blood).
“The FDA urges manufacturers everywhere to remain vigilant about their medical products—to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them.”
“The FDA urges manufacturers everywhere to remain vigilant about their medical products—to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them. This is part of the FDA’s overall effort to collaborate with manufacturers and health care delivery organizations—as well as security researchers and other government agencies—to develop and implement solutions to address cybersecurity issues throughout a device’s total product lifecycle,” said Suzanne Schwartz, M.D., MBA, deputy director of the Office of Strategic Partnerships and Technology Innovation and acting division director for All Hazards Response, Science and Strategic Partnerships in the FDA’s Center for Devices and Radiological Health.