Medical IoT device maker Medtronic has initiated a recall of several of its insulin pumps after it was discovered that the devices were vulnerable to hacks and that there is no way to patch the security holes. The affected devices are the MiniMed 508 and MiniMed Paradigm series insulin pumps.
“The MiniMed™ 508 insulin pump and the MiniMed™ Paradigm™ series insulin pumps are designed to communicate using a wireless radio frequency (RF) with other devices such as blood glucose meters, glucose sensor transmitters, and CareLink™ USB devices,” Medtronic alerted users in a statement. “Security researchers have identified potential cybersecurity vulnerabilities related to these insulin pumps. An unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery. This could lead to hypoglycemia (if additional insulin is delivered) or hyperglycemia and diabetic ketoacidosis (if not enough insulin is delivered).”
It was the FDA that announced the vulnerabilities in the medical IoT devices from Medtronic. “The FDA is warning patients and health care providers that certain Medtronic MiniMed™ insulin pumps have potential cybersecurity risks. Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks,” the FDA said in a statement. The statement also listed the vulnerable devices.
Cybersecurity experts say cybercriminals are increasingly targeting the healthcare industry to steal sensitive medical information and sell it on the black market.
A survey from cybersecurity company Carbon Black stated that the rate of cyber-attacks on the healthcare industry appears to be increasing exponentially. In its survey report, Healthcare Cyber Heists in 2019, Carbon Black disclosed what is happening to the Personal Health Information (PHI) stolen by cybercriminals.
The survey, which involved 20 of the healthcare industry’s Chief Information Security Officers (CISOs), found that the healthcare sector is being targeted because of how lucrative PHI is compared to other personal data such as credit card numbers. Personal health information is said to be worth three times more than other personal information, since health information never changes and can be used by cybercriminal groups for extortion or compromise.