Insulin pumps vulnerable to attack

Medtronic advises that two product lines of there are vulnerable to a RF-based attack that could result in changes to insulin delivery.
The MiniMed 508 and MiniMed Paradigm series of insulin pumps are vulnerable.
Medtronic advises that any patients using affected devices should contact their medical practitioner and until remedial work has been completed to observe the following guidelines.

  • Keep your insulin pump and devices connected to your pump within your control at all times.
  • Keep your pump serial number secure.
  • Be attentive to pump notifications, alarms, and alerts.
  • Immediately cancel any unintended boluses.
  • Monitor your blood glucose levels closely and act as appropriate.
  • Do not connect to any third-party devices or use any software not authorized by Medtronic.
  • Disconnect your CareLink™ software USB device from your computer when it is not being used to download data from your pump.
  • Get medical help right away if you experience symptoms of severe hypoglycemia or diabetic ketoacidosis, or suspect that your insulin pump settings, or insulin delivery changed unexpectedly.

The following pump models are vulnerable:

Insulin Pump Software Versions
MiniMed™ 508 pump All
MiniMedTM ParadigmTM 511 pump All
MiniMedTM ParadigmTM 512/712 pumps All
MiniMedTM ParadigmTM 712E pump All
MiniMedTM ParadigmTM 515/715 pumps All
MiniMedTM ParadigmTM 522/722 pumps All
MiniMedTM ParadigmTM 522K/722K pumps All
MiniMedTM ParadigmTM 523/723 pumps 2.4A or lower
MiniMedTM ParadigmTM 523K/723K pumps 2.4A or lower
MiniMedTM Paradigm™ Veo™ 554/754 pumps 2.6A or lower
MiniMedTM Paradigm™ Veo™ 554CM/754CM pumps 2.7A or Lower

The official announcement from Medtronic can be found here.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.