Medical devices and cyber-attack threats
14th Apr, 2023
After ransomware attacks at major hospitals expose the risk to medical records, experts warn that personal medical devices with software components are also hazards that can leak health data.
What is Ransomeware?
- Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.
- Malicious actors then demand ransom in exchange for decryption.
- Common medical devices such as oximeters, hearing aids, glucometers, and pacemakers can be turned into spyware and malware, warning that such devices can even leak your medical data if not layered with adequate cyber protection.
- Industry experts are now seeking urgent Central government intervention to recognise this threat and immediately put in place measures to plug any possible drain.
- Currently, there are no guidelines on the regulation of software as medical device (SaMD) and software in medical devices (SiMD).
- Therefore, we suggest that the government should consult with industry experts to identify the challenges that could pose a risk to national security.
Need for regulations:
- The Indian population is growing at a rate of 1.6% per year and has an elderly population of over 100 million.
- Rapid economic growth, rising middle class incomes and the increased market penetration of medical devices has left the population vulnerable.
India and medical device market:
- India has one of the world’s top 20 markets for medical devices and the fourth-largest in Asia.
- The medical devices sector in India is projected to reach $50 billion by 2025, according to the India Brand Equity Foundation.
- According to statistics from the Commerce Ministry analysed by the Association of Indian Medical Device Industry (AiMeD), medical device imports rose by a record 41% to ?63,200 crore ($ 7.91 billion) in 2021-22 from ?44,708 crore ($5.59 billion) in 2020-21.
Concerns for India:
- India currently lacks any centralised data collection mechanism which gives an exact cost of data corruption for the healthcare industry.
- As pharmaceutical companies continue to embrace digital transformation, their highly sensitive, valuable information becomes even more at risk for cyber-attacks.
- Pharma companies face their IT environment being landed with legacy hardware and software.
- In particular, operational technology devices, networks and systems that support business did not have IT security in mind when built.
- These networks and systems need to connect with IT networks, which expose them to an organisation’s entire threat landscape and create new opportunities for cyber criminals.
National Medical Devices Policy 2022:
- Regulatory streamliningin order to optimize regulatory processes and multiplicity of agencies for enhanced ease of doing business, along with harmonization with global standards to ensure standardization (ensuring safety of devices).
- Building Competitivenessthrough fiscal and financial support for stimulating the development of the local manufacturing ecosystem with private sector investments.
- Infrastructure Developmentto provide best-in-class physical foundation, including medical devices parks with common facilities such as testing centres, to improve cost competitiveness and enhance attraction of domestic manufacturers.
- Facilitating R&D and Innovationwith a focus on enhanced collaboration in innovation and R&D projects, global partnerships, and joint ventures among key stakeholders to bridge the gap between academic curriculum and industry requirements.
- Human Resource Developmentto ensure relevant curriculum at higher education level, skilling of various stakeholders, creation of future-ready HR with required skill sets across the innovation value chain.
- Awareness Creation and Brand Positioningin creating awareness and positioning India as a hub for manufacturing of medical devices as part of the “Make in India, Make for the World” initiative.