Thursday, December 9

The Medicines Agency withdraws remote controls of insulin pumps due to risk of hacking

It is one of the first known cases of withdrawal of a medical device for cybersecurity reasons in Spain. According to the Spanish Agency for Medicines and Health Products (AEMPS), “according to the information provided by the company, an unauthorized person near the user of an insulin pump could copy the wireless radio frequency signals from the user’s remote control and reproduce them later.”

The AEMPS continues: “This could lead to hypoglycemia if extra insulin is given, or hyperglycemia if insulin is stopped.” In other words, someone could try to kill a person, or at least cause serious harm, by copying the radio frequency signals of the remote control and then reproducing them to take control of the insulin pump.

The affected MiniMed remote controls correspond to model numbers MMT-500 or MMT-503, manufactured by Medtronic MiniMed, USA, and are used with the MiniMed 508 insulin pumps or the MiniMed Paradigm family of insulin pumps.

They communicate with the insulin pump via wireless radio frequency (RF) and are used to program the delivery of a specific amount of insulin (or bolus) into the Medtronic pump without pressing any button on the pump.

These products have been distributed in Spain through the company Medtronic Ibérica SA, C/ María de Portugal 11, 28050 Madrid. These remotes are no longer manufactured or distributed.

The company is sending a notice to the health centers that monitor patients who have the MiniMed remote controls listed in the “Affected Products” section, together with a letter addressed to the patients themselves, informing them of the problem detected and the actions to be followed.

In the letter to patients, Medtronic explains, by way of reassurance, that cloning the remote is not easy and that several factors must be present for the pump to be vulnerable:

  • The remote pump option must be enabled. This setting is not activated at the factory and must be activated by the user.
  • The user’s remote control ID must be registered in the pump.
  • The Easy Bolus™ option must be on and a bolus increment must have been programmed into the pump.
  • An unauthorized person would have to be near the user, with the necessary equipment to copy the radio frequency signals activated when the user is delivering a bolus with the remote control.
  • The unauthorized person would have to be very close to the user to reproduce the radio frequency signals and thus be able to deliver a malicious remote bolus.
  • The user would have to ignore the alerts from the pump indicating that a remote bolus is being delivered.

What should I do if I am a diabetic person?

If you are using any of the MiniMed remote controls mentioned:

  • Verify that you have received the company advisory note for patients. If you have not received it, contact your healthcare professional to obtain it.
  • Stop using the remote control and disconnect it from your pump, following the steps included in the Annex of the company’s advisory note.
  • Contact the technical service of the company Medtronic Ibérica SA, on 900 120 330, to resolve doubts or problems related to the affected products.
  • If you consider that you need additional medical advice, contact your healthcare professional.
