Companies

DCGI red-flags cyber-security issues in some insulin pumps of Medtronic

Maitri Porecha New Delhi | Updated on July 03, 2019 Published on July 03, 2019

Representational image only

Regulator says hackers could tinker with patients’ dosage

Your insulin pump could pose a threat to life. The Drug Controller General of India (DCGI) has found that certain models are vulnerable to hackers, who may increase or decrease doses of insulin delivery to the patient surreptitiously.

The drug regulator has issued a medical device alert over four models of India Medtronic Private Ltd, a Gurugram-based company, saying that these pose a cyber-security risk to patients.

MiniMed Paradigm (MMT-715, MMT-712, MMT-722) and MiniMed Paradigm Veo (MMT-754) can be hacked by a person with special technical skills who could tweak insulin delivery dosage of the user patient, the DCGI stated in a medical device alert.

“These insulin pumps are designed to communicate using wireless radio frequency (RF) with other devices such as blood glucose meters, glucose sensor transmitters and certain CareLink USB devices. An unauthorised person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change the settings and control insulin delivery,” states the medical device alert.

Appeal to users

The DCGI has appealed to medical directors, healthcare professionals, distributors, users and staff involved in management of patients to check if the model and software version of the insulin pump fall amongst the four risky models.

If they do, patients should switch to a model with more cyber security protection.

“Patients should not share the pump serial number with anyone, and be attentive to pump notifications, alarms and alerts. A patient should monitor his/her blood glucose levels closely. Connect the Medtronic insulin pump to other Medtronic devices and software only. It is also advisable to disconnect the USB device from your computer when you are not using it to download data from your pump,” said the medical device alert.

On June 27, the USFDA issued a safety alert and India Medtronic Private Ltd was issued a field safety notification regarding the potential risks that some of its insulin pumps pose. However, the DCGI has not received any complaints from affected patients as yet.

A safety alert

MiniMed Paradigm (MMT-715, MMT-712, MMT-722) and MiniMed Paradigm Veo (MMT-754) are vulnerable

Hackers with right skills could exploit the wireless radio frequency of the device for manipulation

 

 

Published on July 03, 2019
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.