The Washington PostDemocracy Dies in Darkness

Insulin pumps are vulnerable to hacking, FDA warns amid recall

A recall has been issued for the MiniMed 508 and the MiniMed Paradigm insulin pumps from Medtronic, which are similar to the one shown here. (iStock)

The Food and Drug Administration is warning insulin pump users about potential cybersecurity and hacking risks involved with some devices.

According to an announcement released Thursday, the MiniMed 508 and the MiniMed Paradigm insulin pumps from Medtronic are vulnerable to possible hacking and are being recalled.

If a patient is using one of the pumps, they could be at risk of “an unauthorized person with special technical skills and equipment” connecting to the device and changing how much insulin is delivered, according to a letter sent to patients and health-care providers and posted on Medtronic’s website.

“While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant,” Suzanne Schwartz, an FDA official specializing in cybersecurity for medical devices, said in a statement.

Here is what you need to know about the Internet of things: a term used to describe devices like a thermostat or baby monitor that connect to the Internet. (Video: Sarah Parnass, Osman Malik/The Washington Post)

According to the FDA, an individual “could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings.” This could spur dire health concerns. Hypoglycemia could occur if too much insulin is delivered. It could also cause too little insulin to be delivered, and a diabetes patient could suffer from hyperglycemia and diabetic ketoacidosis.

Insulin pumps offer a convenient way to maintain blood glucose levels, compared with repeated insulin injections. According to the FDA, the MiniMed 508 and the MiniMed Paradigm wirelessly connect to multiple monitoring devices.

The devices cannot be updated, so “Medtronic is providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities,” the FDA statement said.

Pamela Reese, a communication director at Medtronic, said that the devices listed in the FDA safety notification “were first brought to market in 2012 or earlier” and that most Medtronic costumers are not currently using them. Reese added that the safety notice does not require that patients return the devices.

The FDA is encouraging patients who might be at risk — at least 4,000 people — to talk to their medical providers about requesting newer insulin pumps that do not pose the same risks.

As patients await new devices, Medtronic and the FDA are asking that users take specific precautions, including paying close attention to blood glucose levels and having control of insulin pumps and connected devices at all times.

Read more:

A pregnant woman was shot in the stomach. She was charged in the death of the fetus.

Police make arrest in missing Utah student’s disappearance

It started as trolling, but a ‘straight pride parade’ may actually be coming to Boston