The firm said the vulnerability concerned its OneTouch Ping pump, which is only sold in the US and Canada.
However, it told the BBC there had been no reported attacks and the risk was "extremely low".
"It would require technical expertise, sophisticated equipment and proximity to the pump," it said.
The disclosure was made in a letter to patients on 27 September, the firm said.