The Food and Drug Administration (FDA) recently alerted consumers that Medtronic was recalling their MiniMed™ 508 insulin pump and MiniMed™ Paradigm™ Series insulin pump models. They discovered that the pumps were vulnerable to being hacked and could not be updated to correct the issue.
The recalled Medtronic pumps could connect wirelessly to equipment, such as monitoring systems and glucose meters. The FDA and security companies have been aware of the problem for many years, with one company calling it the next big security nightmare. Medical devices are not often recalled for cybersecurity reasons, but wireless technology makes this issue very real.
The MiniMed pumps had security flaws in their firmware, which made them open to hackers. Since they worked wirelessly, the FDA believed that outsiders could hack in and change the settings on the pump. Only health care providers, patients, and caregivers should have been adjusting the pumps. Unauthorized users could set the pumps to deliver not enough or too much insulin, which could seriously affect blood sugar levels, leading to diabetic ketoacidosis.
Medtronic sent a letter to 4,000 patients, explaining the issue and directing them to contact their physicians and health providers. They recommended upgrading to one of their newer pumps, although this not may be an option for everyone. Those that choose to stay with the original pumps are advised to always be in control of the pump and any connected devices. The letter also advised patients to keep serial numbers private, and not share it with others. They were also directed to disconnect the USB from computers when not in use, and to never connect with any unauthorized third-party devices.
Patients were advised to closely monitor their blood glucose levels, act if needed, and were told to seek medical assistance if symptoms of ketoacidosis or hypoglycemia were experienced. Pump notifications, such as alarms, should be addressed right away, and any unintended dosages should be canceled. If it is suspected that the settings were tampered with or the insulin delivery suddenly changed, the patient should also seek help.
Alpine Security Company of Illinois stated that every hospital bed in this country has 10 to 15 connected devices. Although they provide doctors more information and benefit patients, embedded ones such as pacemakers and cardiac defibrillators that use network and radio tech are also vulnerable to cyber hacks. Any type of wireless device is at risk, and medical devices have been targeted for security attacks in the past. Some victims had medical records stolen, and some hospitals have been subjected to ransomware attacks.
Ransomware hacks software that blocks users from accessing computer systems until money is paid. Alpine points out that hacked medical devices can possibly lead to hospital network shut downs. This can lead to patient records being compromised.
Medical devices are not supposed to harm patients, but it can happen. If you were injured by a defective medical device, the Philadelphia defective medical device lawyers at Brookman, Rosenberg, Brown & Sandler can help. We will fight to obtain the compensation you deserve. Call us today at 215-569-4000 or complete an online form for a free consultation. Located in Philadelphia, we serve clients throughout New Jersey and Pennsylvania, including Delaware County, Chester County, and Philadelphia County.