Medtronic MiniMed Remote Controllers Recalled Due to Major Cybersecurity Issue

The Food and Drug Administration (FDA) has issued a notification to users of Medtronic wireless insulin pumps concerning a critical security vulnerability affecting a number of remote controllers.

MiniMed insulin pumps are used to deliver insulin to help control diabetes. The pumps come with an optional remote controller that connects wirelessly to the insulin pump. A security analyst found a cybersecurity issue in older remote controllers that use previous-generation technology, and the issue could potentially be used to harm users of the pumps.

An unauthorized individual could use the vulnerability to record and replay the wireless communication between the MiniMed insulin pump and the remote. Using specialized equipment, an unauthorized person in the vicinity of the insulin pump user could transmit radio frequency signals to the device instructing it to over-deliver insulin to a patient or to stop insulin delivery. Over-delivery of insulin may cause dangerously low blood sugar levels, and stopping insulin delivery may lead to diabetic ketoacidosis and even death.

Medtronic MiniMed 508 insulin pumps and the MiniMed Paradigm family of insulin pumps were already the subject of a product recall. Cybersecurity issues had previously been discovered in the pumps that cannot be adequately mitigated by means of updates or patches.

The newest security concern has led Medtronic to widen the product recall, which now includes all MiniMed Remote Controllers (models MMT-500 and MMT-503) used with the MiniMed Paradigm family of insulin pumps or the Medtronic MiniMed 508 insulin pump.

Medtronic has not been producing or distributing the vulnerable remote controllers as of July 2018; nevertheless, a number of patients, healthcare organizations, and caregivers continue to use the devices.

This product recall is a Class 1 recall, the most severe classification, because the issues with the remote controllers can cause serious injury or death. The FDA says there have been no reported incidents of the vulnerability being exploited in the devices in a way that caused problems for patients.

The FDA advises users to promptly stop using the affected remote controller, switch off the easy bolus function, shut off the radio frequency feature, delete all remote controller IDs programmed into the pump, remove the remote controller from the insulin pump, and return the remote controller to Medtronic.