Medtronic recalls MiniMed pump models on cybersecurity risk

Medtronic (NYSE:MDT) today recalled two models of its MiniMed insulin pumps after researchers discovered cybersecurity risks that could allow a hacker to take control of the devices.

The recall affects 11 models in Fridley, Minn.-based Medtronic’s line of MiniMed 508, MiniMed Paradigm and MiniMed Paradigm Veo pumps, according to the FDA. Medtronic said the pumps are designed to wirelessly communicate with other devices such as glucose meters, glucose sensor transmitters and its own CareLink USB devices.

“Security researchers have identified potential cybersecurity vulnerabilities related to these insulin pumps. An unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery. This could lead to hypoglycemia (if additional insulin is delivered) or hyperglycemia and diabetic ketoacidosis (if not enough insulin is delivered),” Medtronic said in a field alert dated today.

There have been no confirmed reports of unauthorized hackers changing settings or controlling insulin delivery, the company said. Patients using the pumps listed below are advised to switch to devices “that are better equipped to protect against these potential risks,” the federal safety watchdog said.

Here is a list of the affected devices: