The alert by Central Drugs Standard Control Organisation follows US FDA alert flagging these risks
India’s apex drug regulator has issued an alert to healthcare providers, staff involved in managing patients and distributors over cybersecurity concerns related to a few models of US medical device maker Medtronic’s Minimed insulin pumps. The alert by the Central Drugs Standard Control Organisation (CDSCO) on Tuesday follows the US Food and Drug Administration’s (US FDA) own alert flagging these risks.
“An unauthorised person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery,” stated CDSCO in its alert, a copy of which The Indian Express has viewed.
According to the US FDA, which issued its alert on June 27, this would allow the person to change the pump’s settings to either over-deliver or stop insulin delivery to the patient, impacting their blood sugar level and causing harm. Medtronic cannot update the models to address these cybersecurity risks, it stated, recommending that patients replace the affected pumps with models ‘better equipped’ to protect them.
CDSCO has issued the alert on models of MiniMed Paradigm (MMT-712, MMT-715 and MMT-722) and MiniMed Paradigm Veo (MMT-754) models, which are designed to communicate wirelessly with devices like blood glucose metres, glucose sensor transmitters and USB devices.
Like the US FDA alert, CDSCO has recommended that healthcare professionals, distributors and those managing patients check whether their models have been affected and seek prescriptions to switch to a model with ‘more cybersecurity protection.’
Patients should keep their insulin pumps and devices connected to them within their control “at all times” and should not share their pump serial number, reads the CDSCO alert. “Be attentive to pump notifications, alarms and alerts,” it states, adding that the patients’ blood glucose levels should be closely monitored for appropriate action and any ‘unintended’ boluses should be cancelled immediately.
The Indian drug regulator’s alert further recommends refraining from connecting the pumps to devices and software that do not belong to Medtronic. It has also recommended disconnecting the USB device from computers when not in use. Medtronic did not respond to queries about how many of the remaining models have been sold and are used by patients here. However, a Medtronic spokesperson said the company notified customers of these potential risks on June 25, adding that the models were from 2012.
“At this time, we have not received any confirmed reports of unauthorised persons changing settings or controlling insulin delivery,” the spokesperson told The Indian Express. “Kindly note that the insulin pumps are not being recalled and are not required to be returned. This is a safety notification only,” the spokesperson added. Medtronic has initiated recalls of several affected models in the US and is ‘providing alternative insulin pumps’ to patients there, according to US FDA’s alert.
No patient issues have been reported in India so far, said the spokesperson. “Over the years, we have launched many advanced models of insulin pumps and they are safe for patients.”
This is CDSCO’s second medical device alert on devices by Medtronic in the last three months. In May, it issued an alert on safety issues related to certain models of the firm’s pacemakers.