DHS Warning: Hackers can push overdose to insulin pumps

DHS Warning: Hackers can push overdose to insulin pumps

A medical emergency could result from a hacked insulin pump - how to avoid it

by Kurt Knutsson

The Department of Homeland Security is issuing a rare medical cybersecurity advisory for insulin pumps.

Specifically, some insulin pumps and devices have a known loophole that a hacker could exploit to cause harm to a person with diabetes and a patient receiving insulin through a popular series of pumps.

The specific warning is that Medtronic insulin pumps are vulnerable to attack.  The risk is that if someone exploits the vulnerability in a Medtronic insulin pump, a hacker could deliver too much or too little insulin by taking control of the insulin pumps.

Medtronic is aware of the potentially dangerous loophole and self-reported the vulnerability to the federal cybersecurity agency, CISA.  Instead of a traditional hack that uses an Internet connection, an attacker would need only have near proximity to an affected device to gain control using the security flaw.

These Medtronic devices are targeted in the warning

  • MiniMed 600 Series Insulin Pumps several models
  • Guardian Link 3 Transmitter
  • Guardian 2 Link Transmitter
  • Carelink USB
  • Contour Next Link 2.4

Credit: Medtronic

What happens when a person is deliberately overdosed with insulin

An unknowing victim could experience any of the following symptoms:

  • Cold sweats
  • Trembling hands
  • Intense anxiety
  • Extreme hunger
  • Fatigue
  • Sense of confusion
  • Lose consciousness or pass out

Hypoglycemia occurs when too much insulin is put in the body.  However, it is serious and could lead to seizures or cause a person to pass out.

When to call 911 for emergency paramedics

Therefore, if you feel like you have overdosed on insulin and your blood sugar level stays low after 2 hours or if your symptoms don’t improve, get medical help.  Alert those around you that if you lose consciousness or cannot respond to instructions, they should call 911 immediately.

What to do about this insulin pump hack risk

  1. Turn off the “Remote Bolus” feature on the pump
  2. Only connect or link to devices in a private place
  3. Be attentive to pump notifications, alarms, and alerts that are unusual

Moreover, if you believe your insulin pump has been hacked, or you suspect pump settings have inexplicably changed, call Medtronic 24-hour support 1-800-646-4633.   If you have one of the affected products, Medtronic has created this customer landing support page with additional details.

If you know someone who has diabetes, consider sharing this to keep them safe.


   

Leave a Comment

GET MY FREE CYBERGUY REPORT
Subscribe to receive my latest Tech news, security alerts, tips and deals newsletter. (We won't spam or share your email with anyone else.)

By signing up, you agree to our Terms of Service and Privacy Policy. You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder