Medical Device Puts Insulin Pump Users At Risk Of Being Hacked
By: Jim Stickley and Tina Davis
October 13, 2019
It’s no secret that in recent years, the medical industry has been the focus of countless cyberattacks. Although ransomware attacks are quite common against hospitals and other healthcare providers, medical device hacking vulnerability is one more thing the medical field and its patients need to worry about. A recent breach involves certain insulin pumps made by Medtronic, the largest medical device manufacturer in the world.
It was troublesome enough that the FDA issued a recall for the devices, warning users about potential hacking. However, Medtronic insists they are replacing the devices for free instead of having an official recall.
According to Medtronic, there are currently 4,000 patients in the United States identified as using the troubled insulin pumps. The device in question is the MiniMed series insulin pump, and Medtronic is now replacing them with a newer, safer model.
It seems the pumps can be hacked and accessed remotely to change the pumps settings, which can have serious outcomes for its users. The security vulnerability can’t be patched and replacing a MiniMed device is the only secure option for Medtronic and its patients. An FDA spokesperson said, “While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant…”
Users who have not been contacted by Medtronic yet, should be proactive and contact them. This truly is a matter of life or death, even if the hacker is just poking around in there to see what can be done. Changing insulin doses is not to be taken seriously. Also, make sure all devices are kept updated whenever the manufacturer issues one. Don’t wait around thinking you’ll “get around to it.” When that time comes, it may already be too late.
This latest medical device weakness is just one of many reported the past several years. Hackers who are willing to freeze and encrypt entire healthcare systems to collect a ransom, literally putting the lives of patients at risk, may not think twice about exploiting other medical equipment. And there’s no shortage of reports about medical devices of all kinds being vulnerable to hacking. From e-prescription pens a doctor uses to write and send prescriptions electronically, to pacemakers and other devices helping keep a patient alive, the hacking opportunities are there. The FDA is working proactively with US device manufacturers to fix or replace the vulnerabilities with cybersecure devices, also alerting those patients who currently use them. Keeping tabs on medical recalls for a device can also help keep users in the know.