FDA reports potential cybersecurity risk with insulin pump system

Sep 20, 2022 - 03:24 PM
What Boards Need to Know About Cybersecurity

The communications protocol for the Medtronic MiniMed 600 Series Insulin Pump System could allow an unauthorized person to access the pump to deliver too much or too little insulin, the Food and Drug Administration alerted users today. The agency said it is not aware of any reports related to this cybersecurity vulnerability. Medtronic recommends users take certain actions and precautions to protect their device from unauthorized access.

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “The health care field is rapidly expanding the use of network- and internet-connected medical technologies, which help improve patient outcomes and increase clinical and business efficiencies. However, the increased use of network and internet connections also expand our cyber ‘attack surface,’ allowing many more potential entry points into our networks if not properly secured — and in this case, potentially impacting the operational safety of a patient-connected medical device. Last week the FBI issued an alert warning that cyber threat actors are exploiting medical device vulnerabilities, which could potentially adversely impact health care facilities’ operational functions, patient safety, and data confidentiality and data integrity. Given this heightened medical device cyber threat environment, it is essential that the biomedical engineering and cybersecurity functions in hospitals and health systems work in close coordination to efficiently identify and patch cyber vulnerabilities in medical devices.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
HHS Deputy Secretary Palm discusses Change Healthcare attack and future of cybersecurity
Department of Health and Human Services Deputy Secretary Andrea Palm addressed AHA Annual Membership Meeting attendees about the Administration’s work to…
Headline
Representative Guthrie discusses cybersecurity, prior authorizations and telehealth
Rep. Brett Guthrie, R-Ky., today addressed attendees of AHA’s 2024 Annual Membership Meeting and touched on many of the biggest issues in health care:…
Headline
AHA testifies at hearing on health care cybersecurity
Testifying April 16 before a House Energy and Commerce Subcommittee on Health hearing on addressing health care cybersecurity vulnerabilities in the wake of…
Headline
Administration officials discuss cybersecurity threats affecting hospitals, health care sector
Two Administration officials April 14 discussed how the federal government is working with hospitals and other parts of the health care sector to defend…
Headline
Oregon senator discusses fallout from Change Healthcare cyberattack, access to care in rural communities
Sen. Ron Wyden, D-Ore., expressed to AHA members frustration with the Change Healthcare cyberattack, which he believes jeopardized patients and their personal…
Headline
CMS administrator highlights response to Change Healthcare cyberattack, prior authorization improvements
The Change Healthcare cyberattack was a significant event that caught many off guard, said the Centers for Medicare & Medicaid Services Administrator…