Live

Watch CBSN Live

Medtronic recalls insulin pumps because hackers could hijack device

  • Medtronic is recalling several models of its MiniMed insulin pumps because of a risk that hackers could take control and change their settings.
  • The FDA said diabetics should talk with their doctors about switching to models with more cybersecurity protection.
  • Diabetics should get help right away if they think their MiniMed settings have changed, or they feel symptoms of severe hypoglycemia or diabetic ketoacidosis.

Medtronic is recalling several models of its MiniMed insulin pumps because of a cybersecurity risk that could allow hackers to take control of the devices remotely and change their settings, potentially leading to serious health complications. 

"Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks," the U.S. Food and Drug Administration said in a statement. 

The pumps work by using a wireless radio frequency to communicate with other devices used by diabetics, such as blood glucose monitors and glucose sensor transmitters. In a letter to patients, Medtronic said that "an unauthorized person" could potentially connect wirelessly to one of the nearby pumps and change its settings. 

Because insulin pumps regulate the dose and frequency of insulin given to diabetics, interference with their settings could cause potentially serious health implications.

"This could lead to hypoglycemia (if additional insulin is delivered) or hyperglycemia and diabetic ketoacidosis (if not enough insulin is delivered)," Medtronic said in the letter. 

It's not the first time security issues have been raised about Medtronic insulin pumps. In 2011, security researcher Jay Radcliffe warned about a security flaw that could allow a hacker to disable a Medtronic insulin pump. 

"No confirmed reports"

Medtronic said it has received "no confirmed reports of unauthorized persons changing settings or controlling insulin delivery."

Medtronic is recommending that diabetics who use the pump take several precautions, including keeping the pump and devices connected to the pump "within your control at all times." People who use the pump should also be alert to the pump's notifications, alarms and alerts and not share their pump's serial number. 

The FDA recommends seeking medical help if diabetics with the pumps believe their settings have changed, or they feel symptoms of severe hypoglycemia or diabetic ketoacidosis.

Below are the models, with the software version in parenthesis:

  • MiniMed 508 (All versions)
  • MiniMed Paradigm 511 (All versions)
  • MiniMed Paradigm 512/712 (All versions)
  • MiniMed Paradigm 515/715 (All versions)
  • MiniMed Paradigm 522/722 (All versions)
  • MiniMed Paradigm 522K/722K (All versions)
  • MiniMed Paradigm 523/723 (Version 2.4A or lower)
  • MiniMed Paradigm 523K/723K (Version 2.4A or lower)
  • MiniMed Paradigm 712E* (All versions)
  • MiniMed Paradigm Veo 554CM/754CM* (Version 2.7A or lower)
  • MiniMed Paradigm Veo 554/754* (Version 2.6A or lower)