MiniMed™ 600 Series Pump System Communication Issue Security Bulletin

September 20, 2022

Impacted Products

  • MiniMed™ 620G (MMT-1750)
  • MiniMed™ 630G (MMT-1715, MMT-1754, MMT-1755)
  • MiniMed™ 640G (MMT-1711, MMT-1712, MMT-1751, MMT-1752)
  • MiniMed™ 670G (MMT-1740, MMT-1741, MMT-1742, MMT-1760, MMT-1761, MMT-1762, MMT-1780, MMT-1781, MMT-1782)
  • Guardian™ Link 3 Transmitter (MMT-7810, MMT-7811)
  • Guardian™ 2 Link Transmitter (MMT-7730, MMT-7731, MMT-7738, MMT-7775)
  • CareLink™ USB (MMT-7306)
  • Contour® Next Link 2.4/Contour® Plus Link 2.4 (MMT-1151, MMT-1152, MMT-1351, MMT-1352)
Product images: MiniMed™ 600 series insulin pump¹, Guardian™ Link 3 transmitter, Contour® Next Link blood glucose meter, CareLink™ USB

¹ Sample image. Pump screen and buttons vary by model.

Vulnerability Summary

The MiniMed™ 600 series pump system consists of components such as the pump, continuous glucose monitoring (CGM) transmitter, blood glucose meter and CareLink™ USB device that communicate wirelessly. Medtronic has recently identified a potential issue through internal testing whereby, under specific circumstances, the communication between the components of the pump system could be compromised through unauthorized access.

For unauthorized access to occur, a nearby person other than the patient or their care partner would need to gain access to the pump at the same time that the pump is being paired with other system components. This cannot be done over the internet.

Medtronic has no evidence to date that such an issue has occurred. However, in the unlikely event that unauthorized access were successful, it could be used to deliver too much or too little insulin, either through delivery of an unintended insulin bolus or because insulin delivery is slowed or stopped. Too much insulin could result in hypoglycemia (low blood sugar), which can potentially lead to seizure, coma or death. Too little insulin could result in hyperglycemia (high blood sugar), which can potentially lead to diabetic ketoacidosis.

Medtronic recommends all patients take the actions and precautions listed below.

Actions recommended for all patients:

  1. Turn off the “Remote Bolus” feature on your pump if it is turned on. Note that the “Remote Bolus” capability is on by default, so you should take this action even if you have never used this feature.

  2. Conduct any connection linking of devices in a non-public place.

Precautions recommended for all patients:

  1. Keep your pump and connected system components within your control at all times.
  2. Be attentive to pump notifications, alarms, and alerts.
  3. Immediately cancel any boluses you or your care partner did not initiate, monitor blood glucose levels closely and reach out to Medtronic 24-Hour Technical Support to report the bolus. NOTE: Turning off the Remote Bolus feature ensures that no remote bolus is possible.
  4. Disconnect the USB device from your computer when you’re not using it to download pump data.
  5. DO NOT confirm remote connection requests or any other remote action on the pump screen unless it is initiated by you or your care partner.
    Device screen capture: Confirm Device SN - Cancel
  6. DO NOT share your pump’s or devices’ serial numbers with anyone other than your healthcare provider, distributors, and Medtronic.
  7. DO NOT accept, calibrate, or bolus using a blood glucose reading you didn’t initiate.
  8. DO NOT connect to, or allow any third-party devices to be connected to, your pump.
  9. DO NOT use any software which has not been authorized by Medtronic as being safe for use with your pump.
  10. Get medical help immediately when experiencing symptoms of severe hypoglycemia or diabetic ketoacidosis.
  11. Reach out to Medtronic 24-Hour Technical Support if you suspect a pump setting or insulin delivery has changed unexpectedly, without your knowledge.

Medtronic has additional general security information, at the following location:

https://www.medtronic.com/security

The best step you can take now to eliminate your individual risk of unintended delivery of insulin is to permanently turn off the Remote Bolus feature on your pump. We will continue to actively monitor the situation and are committed to sharing relevant information or actions with you in the future.

We understand this impacts your experience and are here to support you. If you have further questions, please call the Medtronic 24-Hour Technical Support line at 1-800-646-4633, option 1.


How to turn off the Remote Bolus setting

Follow these steps to turn off the Remote Bolus feature:


MiniMed 670G Insulin Pump (MMT-1780, MMT-1781, MMT-1782)

Note: The Remote Bolus feature is not available when in SmartGuard™ Auto Mode

  1. If Auto Mode is active, it must first be deactivated so that the pump is in Manual Mode:

    • Press the Center button and go to the Auto Mode settings screen: Options > SmartGuard > Auto Mode
      Device screen capture: select Options, select SmartGuard, select Auto Mode, turn Auto Mode off, select Save
    • Select Save

  2. In Manual Mode, press the Center button and go to the Remote Bolus screen: Options > Utilities > Remote Bolus
    Device screen capture: select Options, select Utilities, select Remote Bolus

    The Remote Bolus screen appears.
    Device screen capture: Remote Bolus on

  3. Select Remote Bolus to turn the feature off.
    Device screen capture: select Remote Bolus to turn off, select Save

  4. Select Save

    • If you wish to reactivate Auto Mode, go to the Auto Mode settings screen: Options > SmartGuard > Auto Mode
      Device screen capture: select Options, select SmartGuard, select Auto Mode, turn Auto Mode on, select Save

MiniMed 620G (MMT-1710), MiniMed 630G (MMT-1714, MMT-1715), and MiniMed 640G (MMT-1711, MMT-1712)

Note: Remote Bolus default setting is "ON".

  1. Press the Menu button and go to the Remote Bolus screen: Menu > Utilities > Remote Bolus
    Device screen capture: select Utilities, select Remote Bolus

    The Remote Bolus screen appears.
    Device screen capture: Remote Bolus on

    • Select Save

  2. Select Remote Bolus to turn the feature off.
    Device screen capture: select Remote Bolus to turn off, select Save

  3. Select Save


Additional technical details

The vulnerability associated with the Remote Bolus feature has a CVSS 3.1 score of 4.8. The CVE number is CVE-2022-32537.


Definition of terms

  1. Healthcare provider: A healthcare provider is any person or organization that furnishes healthcare services and supplies, bills for them, or is paid for them. In this case, healthcare providers can be individuals (doctors or nurses) or organizations (hospitals, clinics, practice groups, along with their administrative staff). Healthcare researchers are also considered providers.
  2. Vulnerability: A vulnerability is a weakness in systems, software or products that compromises security. A vulnerability allows people to perform unauthorized or harmful actions on those same systems, software, and products.
  3. Exploit: An exploit is a program or methodology created to take advantage of a vulnerability in a system or product to gain unauthorized access or negatively affect proper operation.
  4. Authentication: Authentication is the process of recognizing and affirming a user’s or device’s identity. Authentication typically uses specific information about a user or a device, such as something only the user/device knows (password, security question, security key), a physical characteristic (fingerprint, facial recognition, device certificate), or something they have (email address, mobile phone number, MAC address).
  5. Encryption: Encryption is the process of modifying data or information so that it is not recognizable or readable by a human. Encryption is performed using predefined calculations, called algorithms, that use a key. To change the data back from its encrypted form to its readable form, a person must have the key and know the specific algorithm used. Encryption keeps private and sensitive data safe from being read by someone who does not have permission to read or use it.
  6. Pairing: A wireless connection between two pump system components that leverages a secret code uniquely generated for every patient’s specific pump system component that protects the integrity and confidentiality of wireless communications.