Medtronic MiniMed insulin pumps have Class I recall for cybersecurity risks

Nov. 11, 2019

Medtronic is recalling the MiniMed insulin specified insulin pumps due to potential cybersecurity risks. An unauthorized person (someone other than a patient, patient caregiver or healthcare provider) could potentially record and replay the wireless communication between the remote and the MiniMed insulin pump. This person could instruct the pump to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis, even death.

The U.S. Food and Drug Administration (FDA) has identified this as a Class I recall, the most serious type of recall. Use of these devices may cause serious injuries or death. To date, the FDA is not aware of any reports of patient harm related to these potential cybersecurity risks.

People who have diabetes may use the MiniMed insulin pump to deliver insulin for the management of their diabetes. The pump includes a remote controller, which is designed to communicate wirelessly with the pump to deliver a specific amount of insulin to the person with diabetes.

On June 27, 2019 Medtronic notified affected customers. The notice instructed customers to talk to their health care provider about a prescription to switch to a model with more cybersecurity protection.

FDA has the notification.