Radcliffe disclosed last week that the vulnerable insulin pumps are the Medtronic Paradigm 512, 522, 712, and 721. He said that he disclosed the manufacture and models because he was frustrated by the lack of public disclosure by Medtronic, the largest US maker of insulin pumps, about the pump flaws, according to a report by InformationWeek.
At the Black Hat conference earlier in the month, Radcliffe had disclosed the vulnerability by disabling his own insulin pump on stage, but he did not disclose the name of the manufacturer or model numbers to provide the vendor time to address the vulnerability.
Radcliffe decided to disclose the information last week because of the lack of forthrightness on the part of the manufacturer about the problem. He also disclosed that the RF transmitter he used to exploit the pump was the Medtronic Minimed Comlink (MMT-7304NA).
Medtronic responded to Radcliffe by saying it believes “the risk of deliberate, malicious, or unauthorized manipulation of our insulin pumps is extremely low. To our knowledge, there has never been a single reported incident of a deliberate attack on an insulin pump user in more than 25 years of insulin pump use.”