New Delhi: The Modi government Wednesday issued an alert about insulin pumps manufactured by American medical equipment giant Medtronic, saying they are vulnerable to hackers who can connect to them and control delivery of the hormone into a patient’s body.
The Central Drug Standard Control Organisation’s (CDSCO) alert comes less than a week after the US Food and Drug Administration (FDA) warned about cybersecurity risks of these insulin pumps.
With around 73 million cases in 2017, India is the world’s diabetes capital and hundreds of patients have been using Medtronic’s MiniMed 508 and MiniMed Paradigm series of insulin pumps that are susceptible to remote access.
The Paradigm series can communicate with other devices such as blood glucose metres, glucose sensor transmitters and USB devices using wireless radio frequency.
“Any unauthorised person with special technical skills and equipment can connect wirelessly to a nearby insulin pump to change settings and control delivery of the hormone,” says the CDSCO alert. A significantly higher or lower levels of insulin administered to a patient can prove life-threatening.
However, according to Medtronic’s official statement, doctors and patients are appraised of the recommended security precautions to be taken while using Medtronic pumps. “These include paying attention to any notification, alarms or any other alert that crops up. These insulin pumps are not being recalled in India. The government has only given out a precautionary security notification.”
But doctors said they had not been informed about such security precautions by the firm.
“We have not been informed by the company yet,” said Dr Amerta Ghosh, a diabetologist at Fortis C-DOC in Delhi’s Nehru Place.
“We have almost 250 patients who are using this device under our guidance. These are prescribed more for patients with Type 1 diabetes. It is also given in critical cases such as pregnant diabetic women or those diabetics who are also suffering from kidney diseases.”
The price of these insulin pumps range anywhere from Rs 1-4 lakh, depending on its functions and added features. These devices are not covered under any health insurance scheme in India.
What are insulin pumps
The FDA states that “insulin pumps are small, computerised devices which deliver the hormone to a patient via a catheter (a small, flexible tube) implanted under the skin”.
They are considered a good substitute for regular insulin injections. Patients suffering from type 1 and type 2 diabetes are in greater need of these insulin pumps in order to maintain their blood glucose levels. Medtronic’s insulin pumps work by wirelessly connecting to a patient’s blood glucose meter as well as the continuous glucose monitoring system (a sensor and transmitter that tracks glucose levels).
These pumps also include a remote control and an USB device that can be plugged into a computer. “Patients can use the remote control to send insulin bolus (dosing) commands to a pump remotely. They can use the USB device to download data about their glucose levels from their insulin pump in order to monitor their own progress and share it with their health care provider,” FDA’s advisory on the device says.
No confirmed reports of harm
Even though the American regulator has issued a warning, the FDA till date does not have any confirmed reports of harm due to a potential cybersecurity risk.
The Indian government, while claiming that it has not received any complaint yet, has listed four models that are vulnerable to hacking. Patients have been advised to check if their insulin pumps feature in this list. They have also been advised to talk to their health care providers and switch to a model that has more cybersecurity protection.