The U.S. FDA is alerting medical device users about a cybersecurity risk for the Medtronic MiniMed 600 Series Insulin Pump System, which includes products such as the MiniMed 630G and MiniMed 670G.

There is a potential issue associated with the communication protocol for the pump system that could allow unauthorized access to the pump system, the FDA says. If unauthorized access occurs, the pump’s communication protocol could be compromised, which may cause the pump to deliver too much or too little insulin. 

The MiniMed 600 series pump system has components that communicate wirelessly (such as the insulin pump, continuous glucose monitoring (CGM) transmitter, blood glucose meter, and CareLink USB device). For unauthorized access to occur, a nearby unauthorized person would need to gain access to the pump while the pump is being paired with other system components.

The FDA is not aware of any reports related to this cybersecurity vulnerability.

Medtronic issued an Urgent Medical Device CorrectionExternal Link Disclaimer to inform medical device users of this cybersecurity risk and included actions and recommendations for users to take.

The FDA is working with Medtronic to identify, communicate, and prevent adverse events related to this cybersecurity vulnerability. The FDA will keep the public informed if significant new information becomes available. 

Medical devices are increasingly connected to the Internet, hospital networks, and other medical devices to provide features that improve health care and increase the ability of health care providers to treat patients, the FDA says. These same features also increase potential cybersecurity risks.

For additional questions about this cybersecurity risk, medical device users should reach out to Medtronic at 1-800-646-4633, option 1, the FDA says.