Country’s apex drug regulator CDSCO released an alert on insulin pumps produced by US medical device manufacturer Medtronic on Wednesday, stating they have cybersecurity hazards as someone other than the patient can connect to them wirelessly, alter their settings and control delivery. The alert said this could allow an individual to overdose the patient with insulin, resulting in low blood sugar (hypoglycemia) or prevent insulin delivery, resulting in high blood sugar and diabetic ketoacidosis (a buildup of proteins in the blood).
“Security researchers recognized prospective cybersecurity vulnerabilities associated with these insulin pumps. Any unauthorized individual with unique technical abilities and facilities could possibly connect wirelessly to a neighboring insulin pump and alter the settings of the pump and regulate the shipment,” the Central Drugs Standard Control Organization (CDSCO) said in its warning.
The alert arrives a week after a warning was given to patients and healthcare providers by the U.S. Food and Drug Administration (US FDA) that certain Medtronic MiniMed insulin pumps are being removed owing to potential cybersecurity hazards.
The CDSCO has recommended healthcare experts, retailers and customers and patient management employees to verify and see if their insulin pump model and software version are impacted. They have been recommended to carefully monitor blood glucose concentrations and to cancel any unintended boluses instantly. It also advised that the pump serial number should not be shared, that notifications, alarms and alerts should be pumped, and that the Medtronic insulin pump should only be connected to other Medtronic devices and software.