Medtronic Recalls Remote Controllers Used with Paradigm and 508 MiniMed Insulin Pumps for Potential Cybersecurity Risks
The FDA has identified this as a Class I recall, the most serious type of recall. Use of these devices may cause serious injuries or death.
- All MiniMed Remote Controllers (model MMT-500 and MMT-503) used with a Medtronic MiniMed 508 insulin pump or the MiniMed Paradigm family of insulin pumps
- Distribution Dates: August 1999 to July 2018
- Devices Recalled in the U.S.: 31,310
- Date Initiated by Firm: August 7, 2018
People who have diabetes may use the MiniMed insulin pump to deliver insulin for the management of their diabetes. The pump system includes an optional remote controller device which is designed to communicate wirelessly with the pump to deliver a specific amount of insulin to the person with diabetes.
The following table shows the recalled Medtronic remote controllers, used with the MiniMed 508 insulin pump or the MiniMed Paradigm family of insulin pumps. The remote controllers impacted by this issue are older models that use previous-generation technology. As of July 2018, Medtronic is no longer manufacturing or distributing these remote controllers.
| Model Number | Location |
| --- | --- |
| MiniMed remote controller MMT-500 | The model # is behind the remote under the barcode |
| MiniMed remote controller MMT-503 | The model # is behind the remote under the barcode |
Reason for Recall
Medtronic is recalling all remote controllers used with either the MiniMed 508 insulin pump or the MiniMed Paradigm family of insulin pumps due to potential cybersecurity risks. An unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially record and replay the wireless communication between the remote and the MiniMed insulin pump. Using specialized equipment, an unauthorized person could instruct the pump to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis, even death.
If you have never programmed a remote controller ID into the pump and never programmed the easy bolus option, you are not impacted by this vulnerability.
To date, the FDA is not aware of any reports of patient harm related to these potential cybersecurity risks.
Who May Be Affected
- Any person who uses the remote controller feature with either the MiniMed 508 insulin pump or the MiniMed Paradigm family of insulin pumps
- Health care providers and caregivers who treat people with diabetes who use remote controllers associated with either the MiniMed 508 insulin pump or the MiniMed Paradigm family of insulin pumps
What to Do
On October 5, 2021, Medtronic began notifying anyone who may still be using the MiniMed 508 insulin pump or the MiniMed Paradigm family of insulin pumps and has purchased a remote controller about the expanded recall. Medtronic provided the following instructions:
If you use a recalled remote controller:
- Stop using the remote controller.
- Turn off the easy bolus feature.
- Disconnect the remote controller from your insulin pump:
  - First, you must turn off the radio frequency function and delete all remote controller IDs that are programmed into your insulin pump.
  - Then, follow the instructions in the appendix attached to Medtronic’s letter. The steps to disconnect the remote controller will vary by insulin pump model.
- Contact Medtronic to return the remote controller in one of three ways:
  - Visit medtronicdiabetes.com/RemoteControl
  - Call Medtronic’s 24-Hour Technical Support line at 1-800-378-2292, or
  - Complete and return the Customer Confirmation Form.

Use the prepaid return packaging to return the recalled remote controller to Medtronic.

Until you turn off and disconnect the remote controller function from the pump, Medtronic advises you follow these security precautions to minimize the potential cybersecurity risk:
- Turn off the easy bolus when not intending to use the remote bolus option.
- Be attentive to pump alerts, especially when the easy bolus option is turned on.
Get medical help right away if you:
- Have symptoms of severe hypoglycemia (such as excessive sweating, feeling very tired, dizzy and weak, being pale, and a sudden feeling of hunger).
- Have symptoms of diabetic ketoacidosis (such as excessive thirst, frequent urination, nausea and vomiting, feeling very tired and weak, shortness of breath).
- Think your insulin pump settings or insulin delivery changed unexpectedly.
Be aware that in August 2018, Medtronic initiated this recall and provided instructions on how to disable the remote bolus feature when not in use, to protect the security of your insulin pump when using an optional remote controller. At that time, only device users whose pumps were under warranty received the recall notification. On October 5, 2021, Medtronic expanded the recall to include notification to anyone who Medtronic believes may still be using the MiniMed 508 insulin pump or the MiniMed Paradigm family of insulin pumps and has purchased a remote controller.
Patients and health care providers should also be aware of the FDA Safety Communication from June 27, 2019, related to specified Medtronic MiniMed Insulin Pumps.
If you have questions or need additional information about this recall, call Medtronic’s 24-Hour Technical Support line at 1-800-378-2292.
- Medical Device Recall Database Entry Model MMT500
- Medical Device Recall Database Entry Model MMT503
- Medtronic Patient Letter
- Medtronic Security Bulletin
- Department of Homeland Security Cybersecurity Infrastructure Security Advisory
- Medtronic Recalls Remote Controllers for MiniMed Insulin Pumps for Potential Cybersecurity Risks (2019)
- FDA Safety Communication: Certain Medtronic MiniMed Insulin Pumps Have Potential Cybersecurity Risks (2019)
- FDA News Release (2019)
- FDA Medical Device Cybersecurity
How do I report a problem?
Health care professionals and consumers may report adverse reactions or quality problems they experienced using these devices to MedWatch: The FDA Safety Information and Adverse Event Reporting Program using an online form, regular mail, or FAX.