CDSCO Warning: Beware of hacking risk in Medtronic insulin pumps
New Delhi: Months after issuing an advisory against three models of pacemakers sold by the world’s largest medical device manufacturer, Medtronic, country's apex drug regulator CDSCO has now flagged an alert about insulin pumps manufactured by the US giant. CDSCO alert states that the company's MiniMed 508 Insulin Pump and MiniMed Paradigm Series Insulin Pumps have cybersecurity risks wherein someone other than the patient can wirelessly connect to them, change its settings and control the delivery.
The alert comes seven days after the US health regulator (USFDA) issued a warning to patients and health care providers that certain Medtronic MiniMed insulin pumps are being recalled due to potential cybersecurity risks.
Medical Dialogues had earlier reported that after pacemakers, insulin pumps by Medtronic had fallen under the U.S health regulatory scanner as the USFDA warned patients and health care providers that certain Medtronic MiniMed insulin pumps being recalled due to potential cybersecurity risks and recommends that patients using these models switch their insulin pump to models that are better equipped to protect against these potential risks.
Prior to this CDSCO had red-flagged three brands of pacemakers manufactured by US-based medical device maker Medtronic. As per the USFDA alert, three medical device reports in the USA, in which a Medtronic implantable pacemaker or cardiac resynchronization therapy pacemakers (CRT-P) battery had fully drained because of a crack in the device’s capacitator, without any warning to the patients or health care providers.
Raising yet another concern, CDSCO has now issued an alert related to the insulin pumps manufactured by Medtronic's that could enable a person to overdose the patient with insulin, leading to low blood sugar(hypoglycemia), or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis (a buildup of acids in the blood).
"Security researchers have identified potential cybersecurity vulnerabilities related to these insulin pumps. Any unauthorised person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump and change the pump's settings and control the delivery," the Central Drugs Standard Control Organisation (CDSCO) said in its alert.
The CDSCO has advised healthcare professionals, distributors and users and staff involved in the management of patients to check and see if the model and the software version of their insulin pump is affected. It has advised them to monitor blood glucose levels closely and immediately cancel any unintended boluses.
It also advised not to share the pump serial number, be attentive to pump notifications, alarms and alerts and connecting the Medtronic insulin pump in use to other Medtronic devices and software only.
The CDSCO stated that it has not received any complaints from the market on the issue nor is it aware of any confirmed reports of patient harm related to these potential cybersecurity risks.