Public Alert No: 0018/2019-Medtronic Insulin Pumps Cyber Security Risk
October 16, 2019,
The National Agency for Food and Drug Administration and Control has been informed that United States and Indian authorities issued alert on insulin pumps manufactured by Medtronic models, Minimed Paradigm (MMT-715, MMT-712 & MMT – 722) and MiniMed Paradigm Veo (MMT – 754) for cyber security vulnerabilities that could allow hackers to remotely alter the devices and control insulin delivery.
The hackers could change the pump’s settings to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.
Insulin pumps are small, computerized devices that mimic the way human pancreas works by delivering small doses of short acting insulin continuously (basal rate). The device is used to deliver amounts of insulin when a meal is eaten.
The products are available outside United States.
Product name: Minimed Paradigm (MMT-715, MMT-712 & MMT-722) and MiniMed Paradigm Veo (MMT-754) Insulin Pumps.
Product manufacturers: Medtronic Model Pumps, Devonshire Street Northridge, C A United States.
|Pump Model||Software Version|
|MiniMed™ 508||All versions|
|MiniMed™ Paradigm™ 511||All versions|
|MiniMed™ Paradigm™ 512/712||All versions|
|MiniMed™ Paradigm™ 515/715||All versions|
|MiniMed™ Paradigm™ 522K/722K||All versions|
|MiniMed™ Paradigm™ 523/723||Version 2.4A or lower|
|MiniMed™ Paradigm™ 523K/723K||Version 2.4A or lower|
|MiniMed™ Paradigm™ 712E*||All version|
|MiniMed™ Paradigm™ Veo 554CM/754CM||Version 2.7A or lower|
|MiniMed™ Paradigm™ Veo 554/754*||Version 2.6A or lower|
NAFDAC implores Healthcare Providers and Patients using the devices to ensure security precautions, including physically protecting the device, not sharing pump serial numbers and disconnecting the device from USB when not in use.
- Patients should consult health care provide regarding prescription to switch to a model with more cyber security protection.
- Insulin pump and devices that are connected to your pump should be kept within your control at all times.
- Patients should be attentive to pump notifications, alarms, and alerts.
- Glucose levels should be closely monitored by Patients and their healthcare Providers.
- Any unintended boluses should be immediately cancelled.
Consumers are advised to report adverse events related to the use on any of these devices to the nearest NAFDAC office, NAFDAC PRASCOR (20543 TOLL FREE from all networks), firstname.lastname@example.org or via NAFDAC ADR e-Reporting platform available on NAFDAC website www.nafdac.gov.ng
NAFDAC……………Safeguarding the health of the Nation!!!