February 21, 2020

February 20, 2020

Subscribe to Latest Legal News and Analysis

February 19, 2020

Subscribe to Latest Legal News and Analysis

February 18, 2020

Subscribe to Latest Legal News and Analysis

Privacy Tip #197 — Medtronic 508 (MiniMed) Insulin Pumps Recalled

In my 25 years in the data privacy and cybersecurity profession, this is the first time that I believe a medical device has been recalled because of a cybersecurity risk. This week, Medtronic recalled its 508 Insulin pumps because of cybersecurity vulnerabilities.

The FDA urged the recall, saying in a notice: “The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings. This could allow a person to over deliver insulin to a patient, leading to low blood sugar… or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.” the FDA notice says.

Medtronic has identified 4,000 patients who use the pump, and is in the process of working with distributors to identify others. The pump is connected to other insulin equipment, including glucose monitoring systems. Medtronic has issued a letter to patients advising them to discuss the recall and options with their health care provider.

According to the notice, the MiniMed 508 pumps can’t be updated to address security flaws in the device’s firmware, which is a remedy we have seen with other medical device vulnerabilities, which could be addressed remotely. The company is offering alternatives with “enhanced built-in security capabilities.” Unfortunately, it looks like these alternatives are not remote fixes as they were in the past.

If you have a Medtronic 508 MiniMed insulin pump, reach out to your health care provider to address the cybersecurity vulnerability identified by Medtronic and the FDA.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...