Medtronic’s MiniMed 600 Series Pump Faces Cybersecurity Vulnerability

"Medical devices play a critical role in modern healthcare. But, with device importance comes the ever-increasing threat of cybersecurity breaches or potential entry points for bad actors. In the current industry, it is par-for-the-course to implement security measures into all devices to minimize such occurrences, but unforeseen circumstances are bound to occur.

One such circumstance is the recent urgent medical device correction from Medtronic warning of a MiniMed 600 Series insulin pump system communication issue uncovered by the company. Medtronic reported in its Sept. 20 letter that these certain types of insulin pump systems were vulnerable to cyberattacks and hackers could potentially hamper insulin delivery by accessing the device, administering too much or too little insulin to the devices recipient.

The MiniMed 600 series pump system includes MiniMed 630G with model numbers MMT-1715, MMT-1755, and MMT-1754, and MiniMed 670G with model numbers MMT-1780, MMT-1781, MMT-1782, MMT-1760, MMT-1761, MMT-1762, MMT-1740, MMT-1741, MMT-1742. This series has components that communicate wirelessly such as to an insulin pump, continuous glucose monitoring transmitter, blood glucose meter, and CareLink USB device.

According to the company letter and an FDA release, for unauthorized system access to occur, a nearby person without permission to access the system – a person other than the insulin recipient or care partner – would need to access the pump while it is being paired with other system components. The potential issue was identified by Medtronic through internal testing and showed that under specific circumstances, communication between pump system components could be compromised. Of note, Medtronic states that this cannot be done over the internet and there is no evidence to date that such an issue has occurred.

“Our internal testing has indicated there is a remote likelihood of this issue occurring as it would require physical proximity to the communication signal while the pump is being paired and advanced technical knowledge,” wrote Pamela Reese, director of global communications & corporate marketing, Diabetes Group at Medtronic, in a statement to MD+DI. “This also cannot be done through the internet. This notification relates only to the MiniMed 600 series pump systems and does not impact other Medtronic pump systems.”..." Lire la suite