Certain Medtronic MiniMed insulin pumps are being recalled due to cybersecurity vulnerabilities identified in the device. A threat actor could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings, causing it to over-deliver insulin to a patient, leading to hypoglycemia, or to stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.
The FDA urges health care manufacturers, delivery organizations, security researchers and other government agencies to develop and implement solutions to address cybersecurity issues throughout a device’s total product lifecycle. A zero trust approach could not be more applicable.
Organizations are realizing that focusing primarily on perimeter security doesn’t prevent breaches. They are adopting a Zero Trust mindset of “trust never, verify always.” Assuming that the perimeter has already been breached and that threat actors can affect even the smallest of things, such as medical devices, the focus is on preventing a threat actor from moving laterally inside the environment. This mindset shifts the conversation from detection and prevention to containment and remediation. Allow only the required connections and users to reach an environment, an application or a device. This approach prepares you for a breach and secures your application servers and devices from ever-increasing cyber threats.
FDA recalling certain Medtronic insulin pumps due to cyber vulnerabilities.