Health Canada has issued a warning to patients using some wireless Medtronic MiniMed insulin pumps, citing a security vulnerability that could allow the pump to be hacked and controlled remotely.
According to an advisory issued Saturday, the potential cybersecurity vulnerability could allow someone other than the patient to access the pump settings and toy with the amount of insulin delivered to the patient.
“Changes to pump settings could result in either over-delivery of insulin to a patient, leading to low blood sugar (hypoglycemia), or stopping insulin delivery, leading to high blood sugar (hyperglycemia) and diabetic ketoacidosis,” reads the warning.
In order to hack the device, Medtronic says an unauthorized user would need the exact serial number of a user’s pump and the “necessary technical skills” to perform the hack.
The security risk affects Medtronic MiniMed 508 and MiniMed Paradigm insulin pumps distributed between 2010 and 2015. According to the company, 2,620 of these insulin pumps have been sold in Canada.
Health Canada has not received any reports of patients being affected by the potential security risk and notes that the potential risk to users is low.
The health agency notes that it’s important for patients not to stop using their insulin pumps and urges those with affected units to pay close attention to their pump notifications, alarms, and alerts.
Medtronic says it has contacted affected Canadian customers and health care professionals regarding the cybersecurity risk.
A complete list of affected devices can be found on Health Canada’s website.