Medtronic recalls some controllers used with some of its insulin pumps over cyberattack risks
Latest in cybersecurity.
Medical device maker Medtronic recalled the remote controllers used with some of its insulin pumps because of dangerous vulnerabilities.
Medical device maker Medtronic has recalled the remote controllers used with some of its insulin pumps because of they are affected by severe vulnerabilities that could lead to injury or death of the patients.
An attacker can exploit the vulnerabilities to modify the quantity of insulin that the pumps provide to the patient.
“The MiniMed remote controller, which uses a wireless radio frequency (RF) to communicate with your insulin pump, helps to program a set amount of insulin (or bolus) into your Medtronic pump without pressing any insulin pump buttons.” states the URGENT MEDICAL DEVICE RECALL published by the medical equipment vendor.
“In May 2018, an external cybersecurity researcher identified a potential risk related to the MiniMed Paradigm family of insulin pumps and corresponding remote controller. The researcher’s report stated that an unauthorized individual in close proximity of an insulin pump user could potentially copy the wireless RF signals from the user’s remote controller (for example, while the user is in the process of delivering a remote bolus) and play those back later to deliver an additional bolus of insulin to the pump user. This could lead to potential health risks such as hypoglycemia if additional insulin is delivered beyond the user’s insulin requirements, or hyperglycemia if insulin delivery is suspended through a similar play back.”
The company pointed out that to date, it has not received reports of any injuries resulting from this issue.
The company first communicated the recall to some users in August 2018 recommending to disable the remote bolus feature, when not in use, to prevent cyberattacks when using an optional remote controller.
The company recalls MiniMed 508 and Paradigm series insulin pumps remote controls MMT-500, and MMT-503, the impacted devices represent 60% of the insulin pumps on the market. Anyway, both device families are no more produced by the vendor.
via Security Affairs https://ift.tt/2ISWpiN
October 10, 2021 at 07:18AM