The communications protocol for the Medtronic MiniMed 600 Series Insulin Pump System could allow an unauthorized person to access the pump to deliver too much or too little insulin, the Food and Drug Administration alerted users today. The agency said it is not aware of any reports related to this cybersecurity vulnerability. Medtronic recommends users take certain actions and precautions to protect their device from unauthorized access.

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “The health care field is rapidly expanding the use of network- and internet-connected medical technologies, which help improve patient outcomes and increase clinical and business efficiencies. However, the increased use of network and internet connections also expand our cyber ‘attack surface,’ allowing many more potential entry points into our networks if not properly secured — and in this case, potentially impacting the operational safety of a patient-connected medical device. Last week the FBI issued an alert warning that cyber threat actors are exploiting medical device vulnerabilities, which could potentially adversely impact health care facilities’ operational functions, patient safety, and data confidentiality and data integrity. Given this heightened medical device cyber threat environment, it is essential that the biomedical engineering and cybersecurity functions in hospitals and health systems work in close coordination to efficiently identify and patch cyber vulnerabilities in medical devices.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
The Food and Drug Administration Sept. 26 finalized guidance updating the cybersecurity information device makers should submit to its Center for Devices and…
Headline
The Health Information Sharing and Analysis Center (H-ISAC) Sept. 19 alerted the health sector to an emerging threat that targets senior executives through…
Headline
The Department of Health and Human Services Sept. 18 alerted the health care sector to a critical vulnerability in ManageEngine products that allows an…
Headline
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday alerted the sector to a ransomware group that…
Headline
The U.S. Treasury Department, in coordination with the United Kingdom, Sept. 7 sanctioned 11 individuals who are part of the Russia-based Trickbot cybercrime…
Headline
The Federal Bureau of Investigations, amid one of the largest-ever U.S.-led enforcement actions against a botnet, Aug. 29 announced the successful takedown of…