UPDATE: Nov. 5, 2019: FDA said Tuesday Medtronic's recall of certain MiniMed insulin pumps due to cybersecurity weaknesses is being classified as a Class I event, indicating regulators' belief that use of the devices may lead to serious injuries or death.
The FDA release said Medtronic initiated the recall of more than 1,100 devices from the U.S. market in August 2018. The devices in question were the MiniMed Model 500 Remote Control and 503 Remote Transmitter (MMT-500 and MMT-503) distributed between August 1999 and July of last year.
"To date, the FDA is not aware of any reports of patient harm related to these potential cybersecurity risks," the Nov. 5 update said.
Dive Brief:
- FDA has warned patients about a cybersecurity weakness affecting certain Medtronic insulin pumps that could enable a hacker to control drug delivery.
- While there is no evidence the vulnerability has caused harm, FDA called the risk to patients “significant” if the cybersecurity weakness is not resolved.
- The weakness may affect pumps used by 4,000 patients in the U.S. and cannot be fixed with a software patch, leading Medtronic to recommend people switch to newer insulin pumps.
Dive Insight:
In a cybersecurity notice, the Department of Homeland Security warns that the wireless communication protocol used by the affected pumps lacks effective authentication or authorization safeguards. This weakness means a hacker with adjacent access to a pump could inject, modify or intercept data.
The DHS’ notice is the sixth listed by the agency in relation to Medtronic devices in the last 12 months. DHS’ prior notices include a warning about another weakness affecting MiniMed 508 pumps. The prior warning also covered the potential for a hacker to trigger delivery of insulin but only if some non-default options were configured. DHS gave that vulnerability a score of 5.3 on the severity scale.
Individuals with diabetes use Medtronic’s MiniMed 508 and MiniMed Paradigm pumps to administer insulin without having to periodically inject the drug. The devices come with a remote controller patients use to send dosing commands to the pump and are equipped to communicate wirelessly with technologies such as blood glucose meters.
The worst-case scenario is that an attacker orders the device to either deliver additional insulin or stop administering the drug, causing the patient to suffer from low or high blood sugar, respectively. DHS rated the weakness as 7.1 out of 10 on the cybersecurity vulnerability scale.
Medtronic received 510(k) clearance for the MiniMed 508 in 1999. The device featured “limited remote programming by radio frequency.” Medtronic told FDA it is unable to adequately update the affected devices and, as such, it is recommending that patients talk to their healthcare professionals about switching to a different pump device.
All MiniMed 508 devices are affected by the vulnerability but some MiniMed Paradigm pumps running on more recently updated software are secure. All versions of MiniMed 600 series — 620G to 670G — are unaffected by the vulnerability.
Medtronic recommends all patients take certain precautions to mitigate the risk of attack. These include maintaining tight physical control over the pump and not connecting the device to third-party technologies or software not authorized by Medtronic.