Medtronic recalls insulin pumps because hackers could hijack device

  • Medtronic is recalling several models of its MiniMed insulin pumps because of a risk that hackers could take control and change their settings.
  • The FDA said diabetics should talk with their doctors about switching to models with more cybersecurity protection.
  • Diabetics should get help right away if they think their MiniMed settings have changed, or they feel symptoms of severe hypoglycemia or diabetic ketoacidosis.

Medtronic is recalling several models of its MiniMed insulin pumps because of a cybersecurity risk that could allow hackers to take control of the devices remotely and change their settings, potentially leading to serious health complications. 

“Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks,” the U.S. Food and Drug Administration said in a statement. 

The pumps work by using a wireless radio frequency to communicate with other devices used by diabetics, such as blood glucose monitors and glucose sensor transmitters. In a letter to patients, Medtronic said that “an unauthorized person” could potentially connect wirelessly to one of the nearby pumps and change its settings. 

Because insulin pumps regulate the dose and frequency of insulin given to diabetics, interference with their settings could cause potentially serious health implications.

“This could lead to hypoglycemia (if additional insulin is delivered) or hyperglycemia and diabetic ketoacidosis (if not enough insulin is delivered),” Medtronic said in the letter. 

It’s not the first time security issues have been raised about Medtronic insulin pumps. In 2011, security researcher Jay Radcliffe warned about a security flaw that could allow a hacker to disable a Medtronic insulin pump.