Users of Medtronic’s MiniMed 600 Series Insulin Pump System, specifically models for MiniMed 630G and MiniMed 670G, have been alerted by the US FDA (Food and Drug Administration) that their medical devices have a cybersecurity problem with its communication protocol. If the insulin pump system were compromised, attackers might be able to change it to give the patient too much or too little insulin.
Because the insulin pump is coupled with the MiniMed 600 series devices’ wirelessly communicating parts (such as the blood glucose metre, continuous glucose monitoring transmitter, and CareLink USB device), nearby intruders could obtain access to them. It was made very plain by Medtronic that such an attack could not be carried out online.
The Urgent Medical Device Correction notification page for the corporation reads, “Medtronic has no proof to date that such an issue has occurred.” “However, in the unusual case that illegal access was to be successful, it might be utilized to give an unintentional insulin bolus or too little or too much insulin as a result of slowed or interrupted insulin delivery. An excess of insulin may cause hypoglycemia (low blood sugar), which may cause seizures, coma, or even death. Insufficient insulin can cause hyperglycemia, or excessive blood sugar, which can result in diabetic ketoacidosis.”
The Solution
The FDA and Medtronic are still collaborating to identify, communicate, and stop the vulnerability effects of the devices. To reduce risk, Medtronic advises adopting the appropriate steps and safety precautions. The “Remote Bolus” feature of the pump should be disabled first, according to the manufacturer, as it is turned on by default.
The company also reminded users to always maintain control over their insulin pump and all of its parts, never confirm connection requests on the pump screen unless they or their care partner have initiated them, and not to disclose the serial number of their insulin pump or device to anyone besides their healthcare provider, distributor, and Medtronic.
