FDA warns of cybersecurity risk to certain Medtronic insulin pumps

(Reuters) — The U.S. Food and Drug Administration said on Thursday that certain insulin pumps of Medtronic PLC were being recalled due to a potential risk of them being hacked.

The drug regulator said it was not aware of any confirmed reports of patient harm related to the potential cybersecurity risks.

“An unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery,” Medtronic said.

Medtronic has identified 4,000 patients who are potentially using insulin pumps that are vulnerable to this issue, the agency said.

However, a Medtronic customer support representative said the products, all older models, were not being recalled and instead the company was offering an exchange program.

Out-of-warranty models can be exchanged for a newer model at a discounted price, according to Medtronic’s website, which also said that in-warranty products can be exchanged for free.

The FDA in March said cybersecurity vulnerabilities were identified in Medtronic’s implantable cardiac devices, clinic programmers and home monitors.