FDA Cautions on Cybersecurity Risk of Some Medtronic Insulin Pumps

Published on
By : dLife Editors

The U.S. Food and Drug Administration (FDA) issued a warning to patients and health care providers that certain Medtronic MiniMed insulin pumps are being recalled due to potential cybersecurity risks.

The recalled pumps are Medtronic’s MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps. In the U.S., Medtronic has identified 4,000 patients who are potentially using insulin pumps that are vulnerable to this issue.

The agency recommends that patients using these models switch their insulin pump to models that are better equipped to protect against these potential risks.

The potential risks are related to the wireless communication between Medtronic’s MiniMed insulin pumps and other devices such as blood glucose meters, continuous glucose monitoring systems, the remote controller and CareLink USB device used with these pumps.

The FDA is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings.

This could allow a person to over deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids in the blood).

“The FDA urges manufacturers everywhere to remain vigilant about their medical products—to monitor and assess cybersecurity vulnerability risk, and to be proactive about disclosing vulnerabilities and mitigations to address them,” said Dr. Suzanne Schwartz, deputy director at the FDA’s center for devices and radiological health.

“While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm, if such a vulnerability were left unaddressed, is significant,” she added.

Medtronic is providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities.

Medtronic is unable to adequately update the MiniMed 508 and Paradigm insulin pumps with any software or patch to address the devices’ vulnerabilities.

The FDA is working to assure that Medtronic addresses this cybersecurity issue, including helping patients with affected insulin pumps switch to newer models with better cybersecurity controls.

For more information, you can view the FDA safety communication here. You can also view the Medtronic Patient Letter here.


  1. FDA. (2019, June 28). FDA warns patients and health care providers about potential cybersecurity concerns with certain Medtronic insulin pumps. PR Newswire. Retrieved June 28, 2019, from https://prnmedia.prnewswire.com/news-releases/fda-warns-patients-and-health-care-providers-about-potential-cybersecurity-concerns-with-certain-medtronic-insulin-pumps-300876422.html