OTPulse

Medtronic NGP 600 Series Insulin Pumps

MonitorCVSS 4.8ICS-CERT ICSMA-22-263-01Sep 20, 2022
Medtronic
Attack path
Attack VectorAdjacent
Auth RequiredLow
ComplexityHigh
User InteractionNone needed
Summary

Medtronic NGP 600 Series insulin pumps (MiniMed 620G, 630G, 640G, 670G) contain a vulnerability that allows an attacker within Bluetooth range to manipulate insulin bolus delivery. An unauthorized user could trigger delivery of too much insulin or halt insulin delivery by sending a crafted wireless command to the pump. This results in either severe hypoglycemia or interruption of necessary insulin therapy. The vulnerability requires local wireless proximity and the pump's remote bolus feature to be enabled; attack complexity is high. No public exploits exist. Medtronic has not released patches for these models, indicating they are end-of-life or unsupported for remediation.

What this means
What could happen
An attacker with local wireless access could trick a pump into delivering too much insulin (causing hypoglycemia) or stopping insulin delivery entirely, creating a life-threatening condition in a patient using the device.
Who's at risk
Patients using Medtronic MiniMed insulin pump series (620G, 630G, 640G, 670G) and their caregivers should be aware of this vulnerability. Any healthcare facility, clinic, or home care setting managing diabetes patients with these pumps needs to implement compensating controls immediately. Medical device IT staff and biomedical engineers responsible for device connectivity should ensure remote bolus features are disabled and wireless pairing practices are restricted.
How it could be exploited
An attacker within Bluetooth range of the insulin pump could send a crafted wireless message to manipulate insulin bolus delivery. The attack requires the pump's remote bolus feature to be enabled and the attacker to have gained information about the pump's pairing or connection state. Once the attacker sends the malicious command, the pump delivers an unintended bolus or stops delivery without alerting the authorized user in time.
Prerequisites
  • Local wireless (Bluetooth) proximity to the pump
  • Remote Bolus feature enabled on the pump
  • Knowledge of pump pairing or connection identifiers
  • High attack complexity; no valid user credentials explicitly required but attacker must time the exploit during active pump operation
Affects medical device with safety implications (insulin delivery)Local wireless exploitability (Bluetooth proximity)No patch available—end-of-life devicesUnintended insulin delivery could cause severe hypoglycemia or deathLow EPSS score (0.1%) suggests low real-world attack probability but high clinical severity if exploited
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
4 pending
ProductAffected VersionsFix Status
MiniMed 620G: MMT-1710MMT-1710No fix yet
MiniMed 630G: MMT-1715 MMT-1754 MMT-1755MMT-1715 | MMT-1754 | MMT-1755No fix yet
MiniMed 640G: MMT-1711 MMT-1712 MMT-1751 MMT-1752MMT-1711 | MMT-1712 | MMT-1751 | MMT-1752No fix yet
MiniMed 670G: MMT-1740 MMT-1741 MMT-1742 MMT-1760 MMT-1762 MMT-1762 MMT-1780 MMT-1781 MMT-1782MMT-1740 | MMT-1741 | MMT-1742 | MMT-1760 | MMT-1762 | MMT-1762 | MMT-1780 | MMT-1781 | MMT-1782No fix yet
Remediation & Mitigation
0/8
Do now
0/8
WORKAROUNDDisable the Remote Bolus feature on all Medtronic insulin pumps (MiniMed 620G, 630G, 640G, 670G)
HARDENINGOnly pair or connect pump to compatible devices in private locations away from public or untrusted wireless environments
HARDENINGDisconnect USB data download cables when not actively transferring pump data
HARDENINGDo not confirm remote connection requests on the pump screen unless initiated by authorized care personnel
HARDENINGReject any bolus commands from unauthorized sources; verify all bolus instructions originate from authorized carers
HARDENINGDo not accept blood glucose readings or calibration commands from unauthorized devices
HARDENINGDo not pair the pump with third-party devices or unauthorized software
HARDENINGMonitor pump alerts, alarms, and notifications continuously for unexpected bolus or delivery changes
View full CISA ICS-CERT advisory
API: /api/v1/advisories/05808c6f-96f9-4daa-a5cc-99afe8757ed7

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.