Zero-Day Vulnerability Prompts Med Company to Recall Wireless Insulin Pumps

Medtronic, the medical company that manufactures wireless insulin pumps, has announced that it intends to recall some 4,000 products. In an official communiqué, Medtronic declared that the recalled models were found to be susceptible to outside tampering.

The U.S. Food and Drug Administration has also urged customers to have their products exchanged or to use a different device. The flaw was discovered by a cybersecurity company a couple of weeks ago.

What’s the big deal about using a hackable insulin pump?

Well, hacking is and has always been a major concern for consumers and the private sector, but when the consequences are life-threatening, the situation takes an entirely different turn.

Now, according to the cybersecurity company which identified the issue, anyone with the right tools and expertise can hack into the RF device.

Once inside, the hacker can increase or decrease the patient’s insulin dose. What’s even worse is that the patient’s not even aware of what’s happening.

According to Medtronic and the FDA, this issue can have a devastating impact, since tampering with the insulin dose can lead to diabetic ketoacidosis (the body produces a high level of ketones, acids produced by your blood when it breaks down fatty acids).

And yes, if left unattended, diabetic ketoacidosis can lead to death.

So why should anyone care about using a medical device that can’t be hacked? Because consumers were unaware that the device their very lives depended on was vulnerable until Medtronic decided to pull the plug.

An early estimate reveals that some 4,000 RF insulin pumps might be affected by this issue. Since this is a voluntary recall, you can get yours exchanged at no additional cost.

According to the manufacturer, the following models will be recalled, beginning on the 27th of July:

– MiniMed 508: All versions
– MiniMed Paradigm 511: All versions
– MiniMed Paradigm 512/712: All versions
– MiniMed Paradigm 515/715: All versions
– MiniMed Paradigm 522/722: All versions
– MiniMed Paradigm 522K/722K: All versions
– MiniMed Paradigm 523/723: Version 2.4A or lower
– MiniMed Paradigm 523K/723K: Version 2.4A or lower
– MiniMed Paradigm 712E: All versions
– MiniMed Paradigm Veo 554CM/754CM: Version 2.7A or lower
– MiniMed Paradigm Veo 554/754: Version 2.6A or lower

Before doing anything, you should definitely have a word with your physician. Now, until you’re able to get a new RF insulin pump from the company, there are a couple of things you should do in order to safeguard your device.

Medtronic advises its customers to conceal the device’s serial number and to avoid connecting it to third-party hardware or software. Other advice includes disconnecting the CareLink USB cable from the PC when the device is not in use and keeping it up to date.

Wrap-up

What more can I say? Hacking has just got a lot more dangerous; sure, an empty bank account or someone knowing where you live are legitimate reasons for insomnia, but at least you’re not dead.

Well, Medtronic’s discovery proves that technology can indeed kill and it can do so anywhere and without you ever knowing who pulled the trigger. What’s your take on this zero-day vulnerability? Hit the comments section and let me know.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.
