Medtronic Alerts
1767Warning Date
Severity Level
Warning Number
Target Sector
6 October, 2021
● Medium
2021-3630
HealthCare
Description:
Medtronic has released security alerts to address multiple vulnerabilities in the following products:
- MMT-500 Remote Controller
- MMT-508 MiniMed pump
- MMT-503 Remote Controller
- MMT-511 pump Paradigm
- MMT-512 / MMT-712 Paradigm x12
- MMT-515 / MMT-715 Paradigm x15
- MMT-522 / MMT-722 Paradigm REAL-TIME
- MMT-522(K) / MMT-722(K) Paradigm REAL-TIME
- MMT-523 / MMT-723 Paradigm Revel
- MMT-523(K) / MMT-723(K) Paradigm
- MMT-554 / MMT-754 MiniMed Veo
- MMT-551 / MMT-751 MiniMed 530G
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Extract sensitive information, such as device serial numbers
- Capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery
Best practice and Recommendations:
Medtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic.
Medtronic has released:
Additionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic.