WASHINGTON — The Food and Drug Administration is warning insulin pump users about potential cybersecurity and hacking risks involved with some devices.
The MiniMed 508 and the MiniMed Paradigm insulin pumps from Medtronic are vulnerable to possible hacking and are being recalled, the FDA said Thursday.
If a patient is using one of the pumps, they could be at risk of “an unauthorized person with special technical skills and equipment” connecting to the device and changing how much insulin is delivered, according to a letter sent to patients and health care providers.
Suzanne Schwartz, an FDA official specializing in cybersecurity for medical devices, said the agency isn’t aware of anyone being harmed. But an individual “could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings,” the FDA said. This could spur dire health concerns.
Insulin pumps offer a convenient way to maintain blood glucose levels compared with repeated insulin injections. According to the FDA, the MiniMed 508 and the MiniMed Paradigm wirelessly connect to multiple monitoring devices.
The devices cannot be updated so “Medtronic is providing alternative insulin pumps,” the FDA statement said.
Medtronic said the devices listed in the FDA safety notification were sold in 2012 or earlier. The FDA is encouraging patients who might be at risk — at least 4,000 individuals — to talk to their medical provider about requesting newer insulin pumps.
Meanwhile, Medtronic and the FDA are asking that users pay close attention to their blood glucose levels and have control of their insulin pumps and connected devices at all times.