The notice — dated this month — covers the company’s MiniMed 600 series insulin pumps (MiniMed 630G and 670G). Affected devices also include the Guardian Link 3 transmitter, Contour Next Link 2.4 blood glucose monitor and the CareLink USB.
Medtronic recently identified a potential issue through internal testing with the devices. Under specific circumstances, unauthorized access could compromise communication between the pump system’s components. For such access to occur, a nearby person would need to gain access to the pump at the same time it is being paired with other system components. This can’t be done over the internet.
The company said it has no evidence to date that any such issue has occurred. Likewise, the FDA said it is not aware of any reports related to this cybersecurity vulnerability.
However, should unauthorized access happen, it could be used to deliver too much or too little insulin. The unauthorized person could deliver an unintended bolus or slow/stop insulin delivery.
In these cases, too much insulin may result in hypoglycemia (low blood sugar), potentially causing seizure, coma or death. Too little insulin could result in hyperglycemia (high blood sugar), which can lead to diabetic ketoacidosis (DKA).
The FDA said it is working with the company to identify, communicate, and prevent adverse events related to the cybersecurity vulnerability.
Medtronic provides actions for the user to take
Medtronic’s notice included required actions and recommended precautions for users. The company instructed users to turn off their “Remote Bolus” feature on the pump if turned on.
The notice recommends that users keep their pump and connected system components within their control at all times. Additionally, users should be attentive to notifications, alarms and alerts and cancel any boluses they or their care partner did not initiate.
Users should not confirm remote connection requests or other remote actions unless initiated by themselves or their care partner. They should not connect third-party devices to the MiniMed pump.
More trouble for Medtronic Diabetes?
Earlier this year, CEO Geoff Martha cited uncertainty over approval timing for Medtronic’s next-generation platforms. That includes the MiniMed 780G insulin pump and Guardian 4 CGM sensor.
Uncertainty comes as a result of a December 2021 FDA warning letter highlighting inadequacies in specific medical device quality system requirements at its Diabetes business’ Northridge, California, facility. Martha said on the company’s third-quarter earnings call that it achieved 90% of the FDA’s action items related to the warning.
Earlier this month, the law firm of Kessler Topaz Meltzer & Check announced a lawsuit in the U.S. District in Minnesota, claiming securities fraud over how Medtronic disclosed insulin pump problems.
