FDA warns of cybersecurity risk with certain Medtronic insulin pumps

The U.S. Food and Drug Administration on Tuesday warned that certain types of insulin pump systems manufactured by Medtronic were vulnerable to cyberattacks and that hackers could potentially hamper insulin delivery by accessing the device.

The agency issued a cybersecurity risk alert for the Medtronic MiniMed 600 Series insulin pump system, which has several components including an insulin pump and a blood glucose meter that communicate wirelessly.

The FDA said an unauthorized person could gain access to a pump while it was pairing with other system components, but so far, it was not aware of any reports related to this cybersecurity vulnerability.

The insulin pumps are sold through Medtronic's diabetes segment, which brought in $2.41 billion in sales in 2021 and accounted for 8% of the company's total revenue.

Medtronic also warned users about the risks and made recommendations including asking them to permanently turn off the "Remote Bolus" feature on the pump, not share the device's serial number with unauthorized personnel or conduct any connection linking of devices in a public place.

The company said hackers, however, cannot gain access to the device through the internet.

The FDA said it was working with Medtronic to identify, communicate and prevent adverse events related to this risk.