Insulin pump therapy, or continuous subcutaneous insulin infusion (CSII), has been used in the treatment of diabetes for decades. Devices have evolved with technological advancements; some insulin pumps now feature Bluetooth connectivity and complementary smartphone applications while the use of AI technology is slowly being integrated. Modern insulin pumps are both more patient and physician-friendly as they allow for precise insulin control in diabetic patients.  As a result, the number of pump users has increased manifold now totaling an estimated 350,000 patients within the United States. 

Despite their practicality and accessibility, modern insulin pumps may carry previously unknown risks and safety considerations. Recently, the FDA issued a warning calling to attention potential cybersecurity concerns associated with digital insulin pumps which rely on wireless technology. Certain Medtronic MiniMed insulin pumps have been recalled by the manufacturer due to the possible risk of them being hacked. The recalled pumps include Medtronic’s MiniMed 508 insulin pump and the MiniMed Paradigm series. The FDA recommends patients using these models switch insulin pumps to models that are better equipped to protect against potential cybersecurity risks.

 

Cybersecurity Risk

 

According to the manufacturing company, Medtronic, the MiniMed 508 insulin pump and Paradigm series are designed to communicate with other devices – such as blood glucose meters and glucose sensor transmitters – using wireless radio frequency technology. As a result, there may be potential cybersecurity vulnerabilities related to wirelessly connected pumps. Security researchers have identified the risk of device hacking by an unauthorized person able to access nearby MiniMed insulin pumps to alter settings and control insulin delivery. This could allow for over-delivery of insulin to a patient, leading to hypoglycemia, or for discontinuation of insulin delivery which could result in hyperglycemia or diabetic ketoacidosis – all of which carry the risk of long-term and hazardous health complications.

 

To date, no patients have been harmed and Medtronic has not received any confirmed reports of unauthorized persons changing settings or controlling insulin delivery. However, the risk of patient harm is significant, demanding attention and the recalling of all malfunctioning products. 

 

Insulin Pump Recall

 Both the MiniMed 508 and Paradigm insulin pumps have been recalled as the manufacturer is unable to adequately update the software or patch to address the cybersecurity vulnerabilities. Alongside Medtronic, the FDA is working to ensure that the security concerns are properlyaddressed, including helping patients with compromised pumps switch to different models with better cybersecurity controls. 

 Medtronic estimates 4,000 patients are potential users of the recalled insulin pumps and is currently working with distributors to identify additional affected individuals. Meanwhile, the company is providing alternative insulin pumps with enhanced built-in cybersecurity capabilities and sent out a letter to potentially affected patients explaining the issue. 

 Due to this potential cybersecurity issue, healthcare providers and patients are advised to use newer models of insulin pumps with enhanced cybersecurity protection and closely monitor their devices. The FDA urges manufacturers to remain vigilant about their medical products and assess vulnerability risk to ensure patient safety. A list of compromised devices<> and software versions can be found on Medtronic’s website.