Medtronic Releases Urgent Recall for MiniMed MMT-500 and MMT-503 Remote Controllers for Insulin Pumps

Medtronic has released an urgent medical device recall for MiniMed MMT-500 or MMT-503 remote controller for MiniMed 508 and Paradigm insulin pumps. The devices are affected by a vulnerability that could allow an unauthorised attacker to copy and play back wireless radio frequency communications to impair an insulin pump's delivery of insulin to the user.

Threat ID:: CC-3965
Threat Severity:: Low
Threat Vector:: Vulnerability
Published:: 7 October 2021 12:14 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Affected platforms

The following platforms are known to be affected:

Versions: MiniMed MMT-500 or MMT-503 remote controller

Medtronic MiniMed 508 Insulin Pump

Versions: MiniMed MMT-500 or MMT-503 remote controller

Medtronic MiniMed Paradigm Insulin Pump

Threat details

Introduction

Medtronic has issued an urgent medical device recall notification for MMT-500 and MMT-503 remote controllers used with Medtronic MiniMed 508 insulin pump and the MiniMed Paradigm family of insulin pumps.

The Medtronic remote controller uses a wireless radio frequency (RF) to communicate with the Medtronic insulin pump and helps to program a set amount of insulin (or bolus) into the pump. A vulnerability in the system could allow an unauthorised individual, in close proximity of an insulin pump user, to copy the wireless RF signals from the remote controller and play those back to deliver an additional bolus of insulin to the user. This could have health implications for the user; additional insulin supplied beyond the user's requirements could cause hypoglycemia and suspending insulin delivery could cause hyperglycemia.

A recall for this issue was first released by Medtronic in August 2018, but only pumps under warranty at the time received the recall notification. Medtronic have now extended the recall notification to all users who may still be using the MiniMed 508 insulin pump or the MiniMed Paradigm family of insulin pumps and have purchased a remote controller.

Remediation advice

Affected users should review the recall instructions in Medtronic's Urgent Medical Device Recall - MiniMed Remote Controller (MMT-500 or MMT-503) recall notice. Medtronic has also sent recall letters with recall instructions to users they know to be affected by the medical device recall.

Definitive source of threat updates

https://www.medtronicdiabetes.com/customer-support/product-and-service-updates/notice16-letter

Last edited: 7 October 2021 1:51 pm