Federal authorities have issued urgent advisories – and Medtronic a voluntary product recall – concerning a cybersecurity vulnerability identified in a line of the medical device maker’s insulin pumps.
If exploited, the flaw could result in patients receiving too little or too much insulin, which in extreme cases could result in death.
Diabetic patients with hypoglycemia – low blood sugar – can experience seizures, coma or death. Too little insulin could result in hyperglycemia – high blood sugar – which can potentially lead to diabetic ketoacidosis.
Medtronic says that it has seen no evidence of anyone exploiting the insulin pump vulnerability, which exists in its entire line of MiniMed 600 Series Insulin Pumps.
The Food and Drug Administration and the Cybersecurity and Infrastructure Security Agency each issued their own related advisories on Tuesday about the problem, as did Medtronic.
Medtronic’s recall does not ask that customers return the devices or discontinue their use but rather that they take certain steps to mitigate the problem.
