On July 2, 2019, Central Drug Standard Control Organization (CDSCO) issued an alert for insulin pumps manufactured by Medtronic for its potential cybersecurity risk which can be a serious health hazard for the patient, as the insulin pump can be accessed and controlled by another person by compromising the cybersecurity.

Background of Cybersecurity Risk

The CDSCO alert is followed by the United States Food and Drug Administration (US FDA) warning letter, which said that certain Medtronic MiniMed insulin pumps are being withdrawn from market due to potential cybersecurity risks. However, no such reports of unauthorized persons changing settings or controlling insulin delivery has been confirmed. Now the alert issued by CDSCO clearly describes the risks associated with the use of the device. According to the CDSCO alert cybersecurity risk allows an unauthorized person with special technical skills to connect to a nearby insulin pump wirelessly, and then take control over the device and change its settings. Medtronic knowing the high cybersecurity risk associated with the device has published the 'Field Safety Notification' for patients' awareness, which says:

  • Keep your insulin pump and the devices that are connected to your pump within your control at all times.
  • Do not share your pump serial number.
  • Be attentive to pump notifications, alarms, and alerts.
  • Immediately cancel any unintended boluses.
  • Monitor your blood glucose levels closely and act as appropriate
  • Do not connect to any third-party devices or use any software not authorized by Medtronic.
  • Disconnect your CareLink" USB device from your computer when it is not being used to download data from your pump.
  • Get medical help right away if you experience symptoms of severe hypoglycemia or diabetic ketoacidosis, or suspect that your insulin pump settings, or insulin delivery changed unexpectedly.1

Insulin Pumps

The insulin pump delivers insulin to a patient throughout the day via a catheter implanted under the skin. This does away with need of injecting insulin injections at regular intervals to maintain stable blood glucose. They are designed in a way where they communicate using a wireless radio frequency (RF) with other devices such as a blood glucose meters, glucose sensor transmitters

Conclusion

The alert advised to all the patients using insulin pumps to slowly choose an alternate mode of medication, due to reports of cybersecurity risk associated with insulin pumps, and some of these devices have been withdrawn from the market. Hence, FDA has raised an alert to the patients and health care providers on the adverse event of cybersecurity risk with the device. This alert will help the diabetic patients at a global level and will promote safe medication options in treating diabetes.

Footnotes

1. https://cdsco.gov.in/opencms/opencms/system/modules/CDSCO.WEB/elements/download_file_division.jsp?num_id=NDU0MA==

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.