FDA Warns of Cybersecurity Risk with Medtronic Insulin Pump System

The US Food and Drug Administration (FDA) alerted patients using a particular Medtronic insulin pump system that unauthorized people might access the pump system and compromise the pump’s insulin delivery.

The FDA warned on Tuesday that there is a potential issue associated with the communication protocol for MiniMed 600 Series Insulin Pump System, for example, MiniMed 630G and MiniMed 670G, that could allow unauthorized access to the pump system.

“If unauthorized access occurs, the pump’s communication protocol could be compromised, which may cause the pump to deliver too much or too little insulin,” the FDA says in an alert.


According to Medtronic, for unauthorized access to occur, a nearby unauthorized person (person other than a patient or patient’s care partner) would need to gain access to the pump while the pump is being paired with other system components. The company emphasizes this cannot be done over the internet.

The FDA and Medtronic say they are unaware of any reports related to this cybersecurity vulnerability; however, the company urges patients to take the following actions.

  • Turn off the “Remote Bolus” feature on your pump if it is turned on. Note that the “Remote Bolus” capability is on by default, so you should take this action even if you have never used this feature.
  • Conduct any connection linking of devices in a non-public place.

Read more recommended precautions here.


FDA. Cybersecurity.

Medtronic. Urgent Medical Device Correction.


Leave a reply

Your email will not be published. All fields are required.