Skip to main content

Manufacturer Correction – MiniMed 508 insulin pump cybersecurity vulnerabilities

By February 24, 2023Recalls

Reason for Device Correction

The MiniMed 508 insulin pump and the MiniMed Paradigm series insulin pumps are designed to communicate using a wireless radio frequency (RF) with other devices such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. Security researchers identified potential cybersecurity vulnerabilities related to these insulin pumps.

Risk to Health

The potential is an unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change the settings and control insulin delivery. This could lead to hypoglycemia (if additional insulin is delivered) or hyperglycemia and diabetic ketoacidosis (if not enough insulin is delivered).

At this time, there have been no confirmed reports of unauthorized persons changing settings or controlling insulin delivery.

Actions to be taken by the Customer

Review and take the following cybersecurity precautions listed below:

  1. Keep your pump and connected system components within your control at all times.
  2. Be attentive to pump notifications, alarms, and alerts.
  3. Immediately cancel any boluses you or your care partner did not initiate, monitor blood glucose levels closely and reach out to Medtronic 24-Hour Technical Support to report the bolus.
  4. Disconnect the USB device from your computer when you’re not using it to download pump data.
  5. DO NOT share your pump’s or devices’ serial numbers with anyone other than your care partner,
    healthcare provider, distributors, and Medtronic.
  6. DO NOT accept, calibrate, or bolus using a blood glucose reading you didn’t initiate.
  7. DO NOT connect to allow any third-party devices not included with your pump system to be connected to your pump.
  8. DO NOT use any software which has not been authorized by Medtronic as being safe for use with your pump.
  9. Get medical help immediately when experiencing symptoms of severe hypoglycemia or diabetic ketoacidosis.
  10. Reach out to Medtronic 24-Hour Technical Support if you suspect a pump setting or insulin delivery has changed unexpectedly, without your knowledge.

If you have further questions or need assistance you may contact Medtronic’s 24-Hour Technical Support at 800-646-4633, option 1.