Science and Technology

Spy on medical device 

Arun PC
Arun PC
April 12, 2023 · 3 min read
3
Spy on medical device

News Highlights:

  • Recently, some experts have warned that Common medical gadgets like oximeters, hearing aids, glucometers, and pacemakers can be turned into spyware and malware.
  • Industry experts are now seeking urgent Central government intervention to recognise this threat and immediately put in place measures to plug any possible drain.

Recent Ransomware attacks:

  • Recently, ransomware attacks were suffered by India’s top tertiary care hospitals, leading to the siege of millions of medical records and vast amounts of health data at Delhi’s All India Institute of Medical Sciences, Safdarjung Hospital and Lady Hardinge Medical College and Hospitals.
  • Indian multinational pharmaceutical company Sun Pharma, the world’s fourth largest generic pharma firm, was also among the recently hit establishments.
  • These attacks ran parallel to the failed attempts to hack into India’s top medical research organisation, the Indian Council of Medical Research (ICMR).

Major Concerns:

  • Data Breaches:
    • The increasing use of medical technology devices and the lack of adequate cyber protection have raised concerns about data breaches and cyberattacks in the healthcare industry.
    • Such devices contain software as medical devices (SaMD) and software in medical devices (SiMD) and are typically connected to the internet, mobile phones, servers, and the cloud and are thus vulnerable to attacks.
  • Vulnerable population:
    • India has one of the world’s top 20 markets for medical devices and is the fourth-largest in Asia.
    • The medical devices sector in India is projected to reach $50 billion by 2025, according to the India Brand Equity Foundation.
    • Rapid economic growth, rising middle-class incomes, and the increased market penetration of medical devices have left the population vulnerable, experts say.
  • Inadequate systems:
    • India currently lacks any centralised data collection mechanism, which gives an exact cost of data corruption for the healthcare industry.
    • However, it is clear that data — now called the new oil — is seeing a threat that has become rampant, sophisticated, and severe. As pharmaceutical companies embrace digital transformation, their sensitive, valuable information becomes even more at risk for cyberattacks.
    • Pharma companies face their IT environment being landed with legacy hardware and software.
    • In particular, operational technology devices, networks and systems that support business did not consider IT security when built.
    • These networks and systems need to connect with IT networks, which exposes them to an organisation’s entire threat landscape and creates new opportunities for cybercriminals.

Solutions for Cyber Threats:

  • Expert consultation:
    • The government should consult with industry experts to identify the challenges that could pose a risk to national security.
  • Training employees: 
    • Employees should be trained in how to recognise and avoid phishing emails, which are commonly used to initiate ransomware attacks.
  • Data protection:
    • Data protection is not rocket science. 
    • Still, it requires legal and technical artisanship, the allocation of adequate resources and the training of all professionals involved in processing personal data.
  • Regular Software Updates: 
    • Regular software updates can help address vulnerabilities that hackers might exploit.
  • Access Control: 
    • Limiting access to medical devices to only authorised personnel can prevent unauthorised individuals from accessing the devices and infecting them with malware.
  • Encryption: 
    • Encryption can be used to protect the data on medical devices from unauthorised access.
  • Network Segmentation: 
    • Segmenting the network can help prevent the spread of malware from one device to another.

What Should be done for cyber protection:

  • Cyber-Awareness: 
    • Education is one of the important sectors for the dissemination of information on the prevention of cyber-crimes and reiterated that the young population could act as a force multiplier to be aware of their engagement in cyberspace and create an ecosystem for cyber security and to prevent cyber-crimes.
  • Tech-Diplomacy for Secure Global CyberSpace: 
    • To tackle emerging cross-border cyber threats and move towards secure global cyberspace, India should strengthen its diplomatic partnerships with advanced economies and techno-democracies.
  • Cooperative Federalism and Cybersecurity: 
    • Police and public order are included on State Lists, so states must ensure that law enforcement is well-equipped to deal with cybercrime.
    • The IT Act and major laws are enacted centrally, so the central government can develop uniform statutory procedures for law enforcement.
    • Also, the centre and states must commit adequate funds to develop much-needed cyberinfrastructure.
  • Mandatory Data Protection Norms:
    • All government and private agencies dealing with personal data should be required to adhere to mandatory data protection norms.
    • To ensure compliance with norms, relevant authorities should conduct regular data protection audits.

Pic courtesy: Freepik

Content Source: The Hindu

Read More…

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Reply

Your email address will not be published. Required fields are marked *