Insulet experiences knowledge breach affecting 29,000 insulin pump customers


Mass.-based medical system firm Insulet issued a discover of an information breach which will have compromised the protected well being data of 29,000 customers of its just lately recalled Omnipod DASH Insulin Administration System.

In November, the FDA posted a notice a few Class I recall of Insulet’s Omnipod DASH Insulin Administration System Private Diabetes Supervisor, following complaints concerning the battery, together with swelling, fluid leaking and excessive overheating which will create a hearth hazard. 

The corporate issued a voluntary system recall one month prior and notified customers by way of an Pressing Medical System Correction electronic mail.

In December, Insulet despatched a follow-up letter requesting customers acknowledge they obtained a medical system correction letter with a hyperlink to a novel webpage that inadvertently uncovered IP addresses and whether or not clients used the DASH system and PDM to web site efficiency and advertising companions.

In line with a copy of the letter Insulet despatched to clients relating to the info breach, the corporate stated “configuration of net pages used for receipt verification uncovered some restricted private data” about clients. Monetary data, electronic mail addresses, passwords and social safety numbers weren’t disclosed. 

“We notified clients that some protected well being data (PHI) resembling use of the Omnipod DASH product and use of a PDM, linked with an IP deal with, could have been uncovered. IP addresses are thought-about private identifiers; nevertheless, they’re linked to the placement or the community by way of which a person connects with the web and are usually not essentially distinctive to a person,” a spokesperson for Insulet instructed MobiHealthNews by way of electronic mail. 

“lnsulet takes this occasion very critically. After discovering the privateness incident on December 6, 2022, we disabled all monitoring codes on the related acknowledgment net web page that very same day in order that no additional publicity of PHI might happen. The place doable, we’re additionally requesting that our companions delete logs of the IP addresses and distinctive URLs in order that they’d not proceed to have entry to that data.”  

Insulet notified the U.S. Division of Well being and Human Companies of the info breach on Jan. 5, according to the department’s database


The corporate launched its Omnipod 5 Automated Insulin Supply System into the total U.S. market in early August after receiving FDA 510(k) clearance just one year ago

In November, Insulet launched its 2022 Q3 earnings, noting the corporate beat its income expectations with $326.1 million, a 23.7% enhance in fixed foreign money in comparison with $275.6 million from final 12 months. 

Following the DASH recall, the corporate stated it might ship customers an up to date PDM upon availability, which it stated would price an estimated $35 million to $45 million.

The FDA’s recall classification got here simply days after the company issued a nationwide voluntary medical device “correction” for its Omnipod 5 controller attributable to charging port and cable points. 

The publicly-traded firm obtained 24 experiences that warmth generated attributable to a poor connection between the cable and the port is inflicting the controller’s charging port or cable to soften or turn into discolored or deformed. The surplus warmth can result in a hearth or trigger minor burns if a person touches that space of the controller. 


Leave a Reply