According to cybersecurity services specialists, Medtronic medical devices manufacturing firm is recalling some insulin pump models exposed to hacker attacks. The Food and Drug Administration (FDA) states that flaws found in these devices cannot be patched.
Although this is a somewhat unusual measure, the cybersecurity community and FDA experts have been alerting manufacturers, software developers and customers for a few years about the risks present in using these devices.
Cybersecurity services specialists mention that insulin pumps that will be recalled are wirelessly connected to other devices in hospitals such as glucose meters and other substance controllers.
“By exploiting these security vulnerabilities, a malicious actor could remotely connect to an insulin pump and modify the settings set by doctors to alter the patient’s glucose levels or cut off their insulin supply. Victims could suffer consequences such as high blood glucose or diabetic crisis”, the FDA says.
Vulnerabilities in MiniMed 508 insulin pumps cannot be corrected with firmware security updates, cybersecurity services specialists mention. The manufacturer has asked its customers to speak with their health care provider to find out if their insulin pump needs to be changed. Among other recommendations, the company has asked its customers not to share information about the device with anyone (serial numbers, for example).
According to specialists from the International Institute for Cyber Safety (IICS) at least 4,000 patients using the compromised insulin pump model have already been identified. “We are working with our partners to help other patients who ignore these issues,” said a Medtronic spokesperson.
In greater detail, the spokesperson made some clarifications about the actions taken by the company: “At Medtronic, as in the entire medical device industry, we use the term “recall” to talk about a set of actions regarding our products, such as maintaining communication with our customers to provide them with additional instructions on the best use of medical devices; we’re not going to take these products off the market,” the spokesman added.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.