Medtronic says its MiniMed 508 and MiniMed Paradigm series insulin pumps are designed to communicate wirelessly with devices such as a blood glucose meters, glucose sensor transmitters, and CareLink USB devices.
Security researchers discovered an unauthorized person could potentially connect to a nearby insulin pump to change the device's settings and control insulin delivery.
Patients could suffer hypoglycemia if too much insulin is given, or hyperglycemia and diabetic ketoacidosis if not enough insulin is delivered.
Medtronic says it has received no reports of an unauthorized person changing the settings or controlling insulin delivery.
The company is recommending patients using affected model to speak with your healthcare provider about changing to a newer model insulin pump with increased cybersecurity protection.
The following models are affected by the cybersecurity vulnerability (*only Version 2.4A or lower models are affected):
- MiniMed 508
- MiniMed Paradigm 511
- MiniMed Paradigm 512/712
- MiniMed Paradigm 515/715
- MiniMed Paradigm 522/722
- MiniMed Paradigm 522K/722K
- MiniMed Paradigm 523/723*
- MiniMed Paradigm 523K/723K*
Medtronic recommend patients using the recalled devices take the following precautions:
- Keep your insulin pump and the devices that are connected to your pump within your control at all times
- Do not share your pump serial number
- Be attentive to pump notifications, alarms, and alerts
- Immediately cancel any unintended boluses
- Monitor your blood glucose levels closely and act as appropriate
- Do not connect to any third-party devices or use any software not authorized by Medtronic
- Disconnect your CareLink USB device from your computer when it is not being used to download data from your pump
- Get medical help right away if you experience symptoms of severe hypoglycemia or diabetic ketoacidosis, or suspect that your insulin pump settings, or insulin delivery changed unexpectedly
Patients and healthcare providers who decided to update to a newer insulin pump model are asked to call Medtronic at 866-222-2584 or visit info.medtronicdiabetes.com/legacyexchange to explore your options and to begin the replacement process.