Alleged Insulin Pen Data Breach Sounds Alarm on Data Protection for Patients
Medtronic Diabetes has been hit with a class action lawsuit.
The lawsuit, filed in August 30, 2023 in a California federal court, alleges that Medtronic engaged in “transmission and disclosure” of personally identifiable and health information to Google and other third parties. The breach stems from the use of the Medtronic Diabetes’ InPen system.
At Issue According to the lawsuit, A. H.. v. Medtronic Minimed, Inc., 2:23-cv-07154, (C.D. Cal.), the plaintiff alleges that the insulin delivery services provider illegally distributed personally identifiable information and protected health information.
In the complaint, the complainant alleged the InPen’s “tracking tools” collects personal data in relation to their healthcare, which Medtronic Diabetes (Medtronic Minimed, Inc. and Minimed Distribution Corp.) “secretly mines, transmits, and intercepts for its own benefit,” without obtaining consent and authorization from the plaintiff.
Medtronic Diabetes noted in a letter dated April 14, 2023, that users of InPen Diabetes Management iOS and Android mobile applications may have been exposed to a data privacy incident affected users’ personal and health information.
READ MORE: Modeling a New Frontier with Emergent Technologies
The letter further noted that Medtronic Diabetes used the services of Google Analytics and Crashlytics to understand how users interact with the InPen App. The company stated that gathering information was an effort to “identify technical issues, assess the performance of the application and understand user needs and preferences to provide needed care to our customers.” Medtronic Diabetes noted they had learned recently that Google Analytics and Crashlytics transmitted certain user information to Google once a user logged into their account, and Firebase Authentication transmitted certain user information to Google in connection with a user’s registration on the InPen App.
According to the letter, collected information included the InPen App user name and password, phone number, email address, date of birth, IP address, information about specific medical conditions and treatment and related health information (such as insulin use), and identifiers tied to a user’s mobile device, such as mobile advertising IDs (MAIDs), Identifiers for Advertisers (IDFAs), Android Advertising IDs for Android devices (AAIDs), and Identifier for Vendors for iOS devices (IDFVs).
The company has stated that anyone who registered for or used an InPen account since September 2020 may have been affected.
As of this writing, a Service of Summons and Complaint Returned Executed was logged on Sept. 20, 2023. For more updates, link here for the case docket.
READ MORE: Wearable Skin Patches: The “Hot” Medical Research Field
Why it Matters
The Medtronic data breach highlights the need for the medical devices industry to mitigate the risk of unauthorized disclosures of user protected health information in the future. A class action lawsuit could provide incentive for MedTech companies to improve and reinforce their data privacy practices.
Insulin Pens Help Manage Diabetes
An insulin pen is used to inject insulin through the skin and into the fatty tissue for the treatment of diabetes. The biggest challenges for insulin pen users are associated with knowing the correct dose to inject, when to inject and keeping tabs on shelf-life, temperature and storage conditions, notes the American Diabetes Association.
Bluetooth-enabled insulin pens with built-in data-tracking have come a long way in supporting patients since the first FDA-cleared reusable smart insulin pen was launched in 2017. Current insulin pens are designed to be simple to use and make taking insulin more convenient because they combine the medication and syringe in one handy unit.
READ MORE: Medical Electronics Migrate to Public Places
A smart insulin pen sends real-time data to the app via Bluetooth connection. The device can calculate each dose based on the patient’s current blood sugar level, carbohydrate amounts, active insulin and settings prescribed by your doctor. It can notify you when your insulin has expired, send diabetes data to your health team and also do the math when figuring out how to dose for a meal or correct a high blood sugar reading, notes the American Diabetes Association.
Market Matters
The Insulin Pumps and Continuous Glucose Monitors market size was valued at $10.56 billion in 2022, according to GlobalData analysis. Larger medical and pharmaceutical companies that have joined the competition in emerging smart pen markets include Medtronic Plc, DexCom Inc, Abbott Laboratories, Ypsomed Holding AG, Tandem Diabetes Care Inc and Insulet Corp. Medtronic held the largest share of the Insulin Pumps and Continuous Glucose Monitors market in 2022, noted GlobalData.