URGENT MEDICAL DEVICE RECALL


MiniMed remote controller (MMT-500 or MMT-503)


MiniMed™ Remote Controller (MMT-500 or MMT-503) - Notification Download

Medtronic first communicated this recall to some users in August 2018 with instructions on how to disable the remote bolus feature, when not in use, to protect the security of your insulin pump when using an optional remote controller which may be susceptible to a cybersecurity risk. At that time, only users whose pumps were under warranty received the recall notification. Medtronic is now expanding the notification to all users who Medtronic believes may still be using the MiniMed™ 508 insulin pump or the MiniMed™ Paradigm™ family of insulin pumps and have purchased a remote controller.

Additionally, after further review, Medtronic has determined that the potential risks associated with the MiniMed™ remote controller outweigh the benefits of its continued use. Therefore, we are providing updated instructions to further address this risk.

You should immediately stop using and disconnect the remote controller, disable the remote feature, and return the remote controller to Medtronic. See the Appendix attached to this letter for detailed instructions.

Please review the following issue description and instructions for disconnecting and returning your remote controller.

ISSUE DESCRIPTION

The MiniMed™ remote controller, which uses a wireless radio frequency (RF) to communicate with your insulin pump, helps to program a set amount of insulin (or bolus) into your Medtronic pump without pressing any insulin pump buttons.

In May 2018, an external cybersecurity researcher identified a potential risk related to the MiniMed™ Paradigm™ family of insulin pumps and corresponding remote controller. The researcher’s report stated that an unauthorized individual in close proximity of an insulin pump user could potentially copy the wireless RF signals from the user’s remote controller (for example, while the user is in the process of delivering a remote bolus) and play those back later to deliver an additional bolus of insulin to the pump user. This could lead to potential health risks such as hypoglycemia if additional insulin is delivered beyond the user’s insulin requirements, or hyperglycemia if insulin delivery is suspended through a similar play back. To date, Medtronic has not received reports of any injuries resulting from this issue.

Several Factors Must Occur for Your Pump to be Vulnerable

  1. The remote option for the pump would need to be enabled. This is not a factory-delivered default, and a user must choose this option.
  2. The user’s remote controller ID needs to be registered to the pump.
  3. The Easy Bolus™ option would need to be turned on and a bolus step size programmed in the pump.
  4. An unauthorized individual would need to be in close proximity of the user, with necessary equipment to copy the RF signals activated, when the user is delivering a bolus using the remote controller.
  5. The unauthorized individual would need to be in close proximity of the user to play back the RF signals to deliver a malicious remote bolus.
  6. The user would need to ignore the pump alerts, which indicates that a remote bolus is being delivered.

The following list shows the Medtronic remote controllers that are impacted by this issue. Medtronic is no longer manufacturing or distributing these remote controllers.


Remote controller Model Number Location Serial Numbers

MiniMed remote controller MMT-500

MiniMed remote controller MMT-500

MiniMed remote controller MMT-500 back

The model # is behind the remote under the barcode

All

MiniMed remote controller MMT-503

MiniMed remote controller MMT-503

MiniMed remote controller MMT-503 back

The model # is behind the remote under the barcode

All

ACTIONS REQUIRED:

  1. STOP USING AND DISCONNECT THE REMOTE CONTROLLER

    To disconnect the remote controller from your insulin pump, you must disable the radio frequency function and delete all remote controller IDs that are programmed into your pump. Follow the instructions in the appendix attached to this letter. The steps to disconnect the remote controller will vary by insulin pump model.

  2. ACKNOWLEDGE NOTIFICATION

    Visit medtronicdiabetes.com/RemoteControl, call Medtronic 24-Hour Technical Support at 1-800-378-2292, or complete and return the enclosed Customer Confirmation Form to acknowledge that you have read and understood this notification and to indicate your decision regarding returning the remote controller.

  3. RETURN PRODUCT

    Prepaid return packaging will be provided for you to return the remote controller to Medtronic.


Until you disable your remote controller and disconnect it from your pump, refer to the safety precautions previously provided in the security bulletin at medtronic.com/security.

Please notify Medtronic of any adverse events or quality problems associated with your use of this product by calling Medtronic 24-Hour Technical Support at 1-800-378-2292.

Adverse reactions or quality problems experienced with the use of this product may also be reported to the FDA's MedWatch Adverse Event Reporting program either online, by regular mail or by fax.


At Medtronic, patient safety is our top priority, and we are committed to delivering safe and effective therapies. Thank you in advance for your patience as we work to support all our customers as quickly as possible. We appreciate your time and attention in reading this important notification.



APPENDIX

INSTRUCTIONS TO DISCONNECT THE REMOTE CONTROLLER

The steps to disconnect the remote controller will vary by insulin pump model. Follow the instructions below according to which pump model you have. You can find your model number beginning with MMT- on your pump label located at the bottom or end of your pump.

MiniMed™ Paradigm™ MMT-523/723, MMT-523K/723K, MMT-551/751, MMT-554/754 Insulin Pumps

Delete remote IDs programmed into your pump:

  1. Go to the REMOTE OPTION screen: Main > Utilities > Connect Devices > Remotes
  2. Select On, then press ACT.
  3. Select Delete ID, then press ACT.
  4. Select the Remote ID to be deleted, then press ACT.
  5. If more than one remote ID is programmed, repeat steps 3 and 4 until all remote IDs are deleted.

Disable the remote feature:

  1. Go to the REMOTE OPTION screen: Main > Utilities > Connect Devices > Remotes
  2. Select Off, then press ACT.

MiniMed™ Paradigm™ MMT-522/722, MMT-522K/722K, MMT-515/715, MMT-512/712 Insulin Pumps

Delete remote IDs programmed into your pump:

  1. Go to the REMOTE OPTION screen: Main > Utilities > Remote Options
  2. Select On, then press ACT.
  3. Select Delete ID, then press ACT.
  4. Select the Remote ID to be deleted, then press ACT.
  5. If more than one remote ID is programmed, repeat steps 3 and 4 until all remote IDs are deleted.

Disable the remote feature:

  1. Go to the REMOTE OPTION screen: Main > Utilities > Remote Options
  2. Select Off, then press ACT.

MiniMed™ Paradigm™ MMT-511 Insulin Pump

Delete remote IDs programmed into your pump:

  1. Go to the RF OPTIONS screen: Main > Utilities > RF Options
  2. Select On, then press ACT.
  3. Select Delete ID, then press ACT.
  4. Select the Remote ID to be deleted, then press ACT.
  5. If more than one remote ID is programmed, repeat steps 3 and 4 until all remote IDs are deleted.

Disable the remote feature:

  1. Go to the RF OPTIONS screen: Main > Utilities > RF Options
  2. Select Off, then press ACT.

MiniMed™ MMT-508 Insulin Pump

Delete remote IDs programmed into your pump:

  1. Start at Main/Time of Day screen.
  2. Press Sel until you see Set Up II, then press ACT..
  3. Press Sel until you see RF DEV, then press ACT.
  4. If not already done, scroll up/down using the up/down arrows to select On, then press ACT.
  5. Scroll up/down using the up/down arrows until the screen displays DELETE, then press ACT.
  6. Select the remote ID to be deleted, then press ACT.
  7. Select ACT again to confirm the controller ID deletion.
  8. If more than one remote ID is programmed, repeat steps 5 through 7 until all remote IDs are deleted.
  9. Wait for the pump screen to time out and return to the Main/Time of Day screen.

Disable the remote feature:

  1. Start at Main/Time of Day screen.
  2. Press Sel until you see Set Up II, then press ACT.
  3. Press Sel until you see RF DEV, then press ACT.
  4. Scroll up/down using the up/down arrows until the screen displays OFF, then press ACT.

Frequently asked questions


Yes, this is a recall. If you have an impacted remote controller device, you should immediately stop using and disconnect the remote controller from your pump and return it to Medtronic. Refer to the Urgent Recall Notification for specific actions required.
A potential cybersecurity risk was identified relating to the optional remote controllers that may be used with the MiniMed™ 508 insulin pump and the MiniMed™ Paradigm™ family of insulin pumps. In rare cases, it is possible that an unauthorized individual in close proximity to an insulin pump user could potentially copy the wireless radio frequency (RF) signals from their remote controller (while they are in the process of delivering a remote bolus) and play the RF signals back at a later time to deliver an involuntary bolus of insulin to the user. This could lead to potential health risks such as hypoglycemia if additional insulin is delivered beyond the user’s insulin requirements, or hyperglycemia if insulin delivery is suspended.
Medtronic was first made aware of this issue in late May 2018 at which time we began actively reviewing all data and reports and, in August 2018, began communications to potentially affected patients and healthcare professionals.
No. A global field action was initiated by Medtronic in August 2018. In November 2019, the U.S. Food and Drug Administration (FDA) classified this as a Class I recall. Now, in September 2021, Medtronic is conducting another proactive communication to the impacted customers and HCPs, requiring MiniMed™ remote controllers (MMT-500 and MMT-503) to be returned. The update to this recall does not introduce any new issues and the information previously provided about the potential cybersecurity risk remains the same.
Yes. We have informed the FDA and other appropriate authorities.
To further address this cybersecurity risk, Medtronic is now instructing impacted customers and healthcare professionals to return the MiniMed™ MMT-500 and MMT-503 remote controllers. This update to the recall does not introduce any new issues and the information previously provided about the potential cybersecurity risk remains the same.
No, you do not have to replace your pump due to this issue. The MiniMed™ 508 insulin pump and MiniMed™ Paradigm™ family of insulin pumps remain safe and effective for diabetes management, so we encourage you talk about this with your healthcare team. Every person with diabetes should make decisions about their insulin pump therapy along with their healthcare team. However, if you have an impacted remote controller device, you should immediately stop using and disconnect the remote controller and return it to Medtronic. Refer to the Urgent Recall Notification for specific actions required.