The agency's warning zoomed in on the Medtronic MiniMed 600 Series insulin pump system, which had an insulin pump and a blood glucose meter that can communicate wirelessly. It said that an authorized person can gain access to a pump while pairing it with other system components. However, the FDA clarified that it has not been aware of any reports related to this glitch. (Related: Diabetes breakthrough: Can this protein significantly reduce insulin overproduction?)
The pumps are sold through Medtronic's diabetes segment, which brought in $2.41 billion in sales in 2021 alone, accounting for eight percent of the company's total revenue.
Medtronic also warned users about the risks and made recommendations, including permanently turning off the "remote bolus" feature on the pump, avoiding sharing the device's serial number with unauthorized personnel or pairing the devices in a public place.
The company, however, said hackers cannot gain access to the devices through the internet. It added that it is now working with the FDA to identify, communicate and prevent issues related to this risk.
This is the second time in the past four years that cybersecurity vulnerabilities had been identified in Medtronic MiniMed insulin pumps. The company previously recalled its MiniMed 508 and MiniMed Paradigm series insulin pumps in 2019 due to cybersecurity vulnerabilities. This 2022 alert, however, did not include a recall.
In a perspective piece, Dr. David Kerr said severe hypoglycemia, or the so-called dark side of insulin, continues to be a concern despite advances in insulin formulations and delivery systems.
Calculating a safe and effective dose of insulin is not only a mathematical problem. It is also compounded by multiple outside influences on achieving glucose levels.
The potential for an unauthorized party to hack into the pump can cause the device to over or under-infuse insulin.
Hacking an insulin pump was shown to be possible by an expert hacker with Type 1 diabetes in 2011, who made it possible simply by knowing the serial number of the pump. Since then, the FDA's manufacturer and user facility device experience database of adverse events has received reports of malfunctioning insulin pumps.
The current vulnerability relating to the Medtronic MiniMed 600 insulin pump series already showed manufacturers providing corrective actions, which all appear to be straightforward.
Living with insulin treatment is hard enough and hacking pumps is hopefully more of a theoretical than a real-world problem. But Kerr noted that in today's technophilic world, the risk is not always zero.
Manufacturers should be responsible for product security, life cycle maintenance, vulnerability disclosure and creating and disseminating available patches and upgrades to ensure security of the technologies they produce.
End users, on the other hand, should be responsible for tracking and addressing discovered vulnerabilities, enabling security features, securing data in transit and rest and deploying solutions to monitor technologies and networks that are operating in their organization.
Visit MedicalTech.news to know more about the vulnerable aspects of technology used in medicine.
Watch the video below to learn more about diabetes.
This video is from the Health Love Money channel on Brighteon.com.