Omnipod DASH Insulin Pump Users Affected By Data Breach
By Andrew Briskin
Insulet alerted Omnipod DASH users that a data breach, connected to a recall of device controllers, may have compromised health information from thousands of users.
In January 2023, Insulet, the manufacturer of Omnipod insulin pumps, experienced a data breach that compromised protected health information from approximately 29,000 users of the Omnipod DASH pump.
According to a letter from Insulet to Omnipod DASH users on Jan. 5, the breach involved the sharing of users’ IP addresses, their use of the Omnipod DASH system, and other “limited personal information” with third-party consultants of Insulet. No financial information, social security numbers, email addresses, or passwords were compromised in the breach.
The US Department of Health and Human Services is currently investigating the breach, which is connected to a November 2022 FDA recall of Omnipod DASH’s Personal Diabetes Manager (PDM). The PDM is the hand-held controller used to operate Omnipod DASH, for users who do not have an Android smartphone (the Omnipod mobile app is not compatible with iOS devices). This recall was announced after several reports of battery leakages and overheating after extended use of the PDM.
In its letter to Omnipod DASH users, Insulet said that it disabled all data tracking related to the breach on Dec. 6 to stop the exposure of health-related information, and that the company is working with partners to resolve all outstanding issues.Insulet’s newest insulin pump, Omnipod 5, was cleared by the FDA in 2022, and no Omnipod 5 PDM controllers were affected by the recall connected to the data breach.