Medtronic Cybersecurity Risks: Some Devices Should Be Returned to Vendor
The Outdated Versions of Some Remote Controllers Could Allow Cyberattacks.
Some Medtronic cybersecurity risks were discovered in relation to the “MiniMed Paradigm” products range, that is why the company urges immediate returning to vendors the remote controllers associated with MiniMed Paradigm insulin pumps.
Medtronic Cybersecurity Risks: More Details
The problematic devices we are talking about are the MMT-500 and MMT-503 models. Diabetics use these together with the MiniMed Paradigm insulin pumps family and also with the insulin pump named Medtronic MiniMed 508.
What’s the issue?
According to BleepingComputer, these remote controllers are old and can permit a hacker to perform some records and replays of the wireless communication signal. This is basically produced when the user transmits a command to the insulin pump by pressing a controller button.
This way, unauthorized people could take charge of the remote controller and send too much insulin to the patient or prevent its delivery. If this happens, diabetics could have severe health issues, since hypoglycemia or ketoacidosis might take place.
The company also mentioned to the same publication that there are no reports yet of these remote controllers being exploited.
What the Company Says About It
Medtronic has released a medical device recall communication and informs users to immediately stop using these old versions of remote controllers:
You should immediately stop using and disconnect the remote controller, disable the remote feature, and return the remote controller to Medtronic.
Medtronic’s clients have received a notification letter with what they have to do about it, but those who use second-hand devices can also review the instructions in the document named Urgent Medical Device Recall’ mentioned above.
The next step after the controller is out of use, is the IDs deletion. Then, using this form, they should be returned to the vendor.
Diabetics use insulin pumps in order to receive the needed dose of insulin and the remote controller associate with these pumps just helps them to have wireless control over the devices.
This issue is not quite new, as Medtronic engaged in running a national recall program back in 2019 in relation to these insulin pumps. At the time, the risks were correlated with Man-in-the-Middle attacks, through which a hacker could have exploited the connection between the insulin pump and other medical devices. Medical devices that can be used with insulin pumps are, for instance, systems performing flow monitoring or blood glucose meters.