Medtronic began alerting patients Tuesday of a technological weakness in its MiniMed 600 Series insulin pumps that makes it vulnerable to hacking, the latest in a series of problems for the device and the company's diabetes business.
The U.S. Food and Drug Administration (FDA) issued a statement about the potential cybersecurity risk and Medtronic sent out instructions for fixing the problem in an urgent medical device correction notice. This type of notice meets the agency's definition of a recall, but doesn't require patients return or stop using the product.
If a person gained unauthorized access to one of the pumps, they could tamper with the pump's delivery of insulin. To exploit the weakness of the device, a person would need to be in close physical proximity to a patient while the pump is being paired wirelessly to other system components, such as the blood glucose meter.
Medtronic said it is not possible for someone to gain unauthorized pump access through the internet.
The issue was discovered during internal testing, but neither Medtronic nor the FDA is aware of any instances when unauthorized access occurred.
The diabetes division, Medtronic's smallest business, has faced a string of recent setbacks. Last December, the FDA issued a warning letter to Medtronic over how the diabetes division had handled complaints, assessed product risks and dealt with recalls.
In an earnings call last month, Medtronic chief executive Geoff Martha said the company has "completed more than 90% of the actions we committed to the FDA" in response to the warning letter.
Medtronic spokeswoman Pamela Reese said the company's latest notification about the pumps is unrelated to any issues raised in last year's warning letter.