Medical device company Medtronic issued a quick recall of the remote control for certain insulin pumps because they are vulnerable to hacks. It is possible for someone to copy the signals sent from the controllers to the pumps and deliver or block a dose of insulin, which can be dangerous for diabetic patients using the pumps.
In the recall statement, Medtronic said that it was not aware of any situations where this type of hack has occurred. The company was first made aware of the problem in 2018 after an independent cybersecurity researcher found the vulnerability and told users about the problem. This initial warning told users how to disable the remote control feature when not in use.
Now the company says people should not use the remote controls. “After further review, Medtronic has determined that the potential risks associated with the MiniMed remote control outweigh the benefits of its continued use,” the recall notice states.
Medtronic also issued a safety announcement in 2019 about the danger of hacks in the same set of insulin pumps, the MiniMed 508 insulin pump and the MiniMed Paradigm family of insulin pumps. The Food and Drug Administration was also involved and issued a statement saying the agency was concerned about the possibility that someone could hack into the pumps and change the dose of insulin delivered to patients.
Experts have been concerned about cybersecurity risks with insulin pumps for nearly a decade since security researcher Jay Radcliffe broke into his own Medtronic pump on stage at a conference.
As more and more medical devices are connected to the Internet and healthcare becomes a major target of ransomware attacks, concerns about things like insulin pumps, pacemakers and other products have only grown. “There has not been a really high-profile case of a patient being killed or seriously injured, but it’s just a matter of time,” Mike Johnson, an expert in securities technology at the University of Minnesota’s Technological Leadership Institute, told The edge in September.