TLP White HC3: Alert: Medtronic Insulin Pump Remote Controller Amplify Alert October 7, 2021

Executive Summary

Medical technology company Medtronic issued an urgent recall for two models of their insulin pump remote controllers, models MMT-500 and MMT-503, due to cybersecurity/hacking concerns. Compromise of these devices could potentially lead to significant health consequences for patients.

Report

Medtronic Recalls Remote Controllers Used with Paradigm and 508 MiniMed Insulin Pumps for Potential Cybersecurity Risks
https://www.fda.gov/medical-devices/medical-device-recalls/medtronic-recalls-remote-controllers-used-paradigm-and-508-minimed-insulin-pumps-potential

Impact to HPH Sector

These devices were sold in the United States from 1999 to 2018, and more than 31,000 vulnerable units are estimated to be in use by diabetic patients. Both recalled devices are used with the Medtronic MiniMed 508 insulin pump and the MiniMed Paradigm family of insulin pumps. Compromise could allow for a malicious individual to modify the signals sent from the controllers to the pumps and deliver or block insulin doses, causing health consequences for diabetic patients using the pumps.

References

Medtronic Recalls Remote Controllers Used with Paradigm and 508 MiniMed Insulin Pumps for Potential Cybersecurity Risks
https://www.fda.gov/medical-devices/medical-device-recalls/medtronic-recalls-remote-controllers-used-paradigm-and-508-minimed-insulin-pumps-potential

Medtronic urgently recalls insulin pump controllers over hacking concerns
https://www.bleepingcomputer.com/news/security/medtronic-urgently-recalls-insulin-pump-controllers-over-hacking-concerns/

Medtronic issues ‘urgent’ recall of insulin pump controller vulnerable to hacks
https://www.theverge.com/2021/10/6/22712808/medtronic-recall-insulin-pump-controller-cybersecurity-hack

Contact Information

If you have any additional questions, please contact us at HC3@hhs.gov.

View the entire report below.