ICSMA-19-178-01  ·  Published 2019-06-27

Medtronic MiniMed 508 and Paradigm Series Insulin Pumps

CVSS 7.1 HIGH

Risk Summary

Successful exploitation of this vulnerability may allow an attacker with adjacent access to one of the affected products to intercept, modify, or interfere with the wireless RF (radio frequency) communications to or from the product. This may allow attackers to read sensitive data, change pump settings, or control insulin delivery.

CVEs (1)

Remediations

  • Medtronic recommends U.S. patients who are currently using the affected products talk to their healthcare provider about changing to a newer model insulin pump with increased cybersecurity protection. Patients outside the U.S. will receive a notification letter with instructions based on the country where they live.
  • Medtronic recommends all patients take the cybersecurity precautions indicated below.
  • CYBERSECURITY PRECAUTIONS RECOMMENDED FOR ALL PATIENTS:
  • Medtronic has released additional patient-focused information at the following location: https://www.medtronic.com/security
  • Additionally, Medtronic will be sending a letter to all patients who are current known users of these pumps further detailing the risks and defensive measures.
  • https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm

Affected Vendors

Medtronic

Affected Products (11)

Medtronic · MiniMed Paradigm 522K/722K pumps vers:all/*
Medtronic · MiniMed Paradigm 515/715 pumps vers:all/*
Medtronic · MiniMed 508 pump vers:all/*
Medtronic · MiniMed Paradigm 712E pump vers:all/*
Medtronic · MiniMed Paradigm Veo 554/754 pumps <= 2.6A
Medtronic · MiniMed Paradigm 522/722 pumps vers:all/*
Medtronic · MiniMed Paradigm Veo 554CM and 754CM models only <= 2.7A
Medtronic · MiniMed Paradigm 523K/723K pumps <= 2.4A
Medtronic · MiniMed Paradigm 523/723 pumps <= 2.4A
Medtronic · MiniMed Paradigm 511 pump vers:all/*
Medtronic · MiniMed Paradigm 512/712 pumps vers:all/*

Affected Sectors

Healthcare and Public Health
