Health officials warn of hacking risk in certain insulin pumps - Action News
Home WebMail Tuesday, November 26, 2024, 11:35 AM | Calgary | -13.1°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Health

Health officials warn of hacking risk in certain insulin pumps

A cybersecurity issue has been identified in the MiniMed 508 and MiniMed Paradigm series of wireless insulin pumps made by Medtronic.

Medtronic Canada says it has notified all customers in Canada who might be affected

Some models of Medtronic wireless insulin pumps could be hacked, so health officials are warning patients to stop using them and take precautions. (CBC)

Health officials are warning against the use of certain wireless insulin pumps because of arisk they could be hacked.

A cybersecurity issue has been identified in the MiniMed 508 and MiniMed Paradigm series of insulin pumps made by Medtronic.

A spokesperson for Medtronic Canada declined to say how many customers were affected but said the company has notified anyone who purchased the pumps in the past and may not have already upgraded.

The notification follows a warning from the U.S. Food and Drug Administration on Thursday that those models of pumps were being recalled due to the cybersecurity risk.

Medtronic said it has notified around 4,000 patients in the U.S. who could potentially be using an insulin pump affected by this issue.

The U.S. drug regulator said it was not aware of any confirmed reports of patient harm related to the potential cybersecurity risks but said it was "concerned" that someone other than the patient, a caregiver or health care provider could potentially connect wirelessly to a MiniMed insulin pump and change its settings.

That could allow a hacker to control the amount of insulin delivered to a patient, possibly leading to negative and potentially life-threatening health consequences: too much insulin can lead to hypoglycemia, and too little insulin could cause ketoacidosis (a buildup of acids in the blood).

"The risk of patient harm if such a vulnerability were leftunaddressed is significant," the FDA said.

Medtronic's MiniMed Paradigm series of insulin pumps and MiniMed 508 pump were found to have a cybersecurity risk. (Rogelio V. Solis/The Associated Press)

A wireless pumpallows a patientto send their glucose readings directly to the pump because itcommunicatewirelessly with the glucose meter. A patientcan alsoupload their data so they can track it and share it with their doctors.

While health professionals have warned that wireless medical devices like all devices that connect to the internet could possibly be hacked, it's largely a theoretical risk so far.

Roxane Blanger of Medtronic Canada said the devices date from 2015 and earlier, and the company is unable to upgrade the software to improve thewireless security.

The company recommends patients talk to their health care providers about switching to a newer model with better cybersecurity. In the meantime, they should follow the precautions outlined in the letter sent to customers.

Health Canada posted an advisoryon its website about the Medtronic insulin pumps on Saturday.

The agency said it is not aware of any reports of patient harm related to this issue, and considers it to be "low in probability and risk."

It said the settings could only be altered by an unauthorized person if they know the serial number of the specific pump, can connect wirelessly nearby and have the necessary technical skills and the correct radio frequency equipment.

Health Canada also provided instructions for patients to check the model number and software version of their devices.

Cybersecurity vulnerabilities were found in some of Medtronic's implantable defibrillators earlier this year. The FDA sent out a "safety communication" in March but did not recall any devices.