One of the major pillars of the current Industry 4.0 is Automation. Indeed, technology is intervening in almost every domain to “automate” the workforce and make human life easier and better. In the present age, machines are getting integrated with the Internet of Things, Cloud Computing, and Artificial Intelligence with the data flow being transferred and processed via the Internet. These changes indeed catalyze the overall productivity, but also expose data to the public
In cases of continuous data transfers and exposition, Cybersecurity becomes a pivotal element where it not only protects the data but also proactively provides mechanisms to defend against malicious attacks and malware. In the case of medical devices that include sensitive medical data flows and software-controlled hardware devices like heart implants or Continuous Glucose Monitoring (CGM) devices, Cybersecurity becomes an important factor for contributing towards system safety and quality. To ensure that medical devices, software, and applications (web or mobile-based) are safe and effective before releasing them in the market, FDA mandates Cybersecurity measures be implemented to protect against cyber-attacks. Also, the FDA mandates that medical device manufacturers be compliant with the industry-accepted Cybersecurity
In this paper, we begin by specifying the vulnerabilities identified in the medical systems. The vulnerabilities include the potential data access points which later might be identified by patients, clinicians, device manufacturers, or cybersecurity/software engineers as the points of data breaches. The later part of the paper discusses the recent attacks in the field of healthcare and medical services. In the next key section of the paper, we provide the guidance methodologies for pre and post device submission which includes the steps taken by the device manufacturers and software engineers if they identify a threat in the system after the product is live, or if the system has suffered a cyber-attack. The same section also includes the cybersecurity standards accepted by the FDA. Before concluding the paper, we outline strategies that may be used to mitigate Cybersecurity risks which also include the roles and responsibilities of device manufacturers, patients, health care personnel, software developers, and the FDA to ensure data security and patient safety.