POStCODE middleware for post-market surveillance of medical devices for cyber security in medical and healthcare sector in Australia
12th International Symposium on Medical Information and Communication Technology (ISMICT) 2018
ECU Security Research Institute / School of Science / School of Medical and Health Sciences
Postmarket surveillance for cyber security of medical devices is an area within the critical infrastructure of health care and public health that has been largely neglected. In developed countries post market quality assurance is passive following complaints from the health care institutions to the manufacturers of the medical devices. Recently, the individual devices can be made traceable allowing any malfunctions to be uniquely identified in each device. There is a lack of clarity on post-sale ownership and management of devices and the updates to the device software. These devices, once plugged into Healthcare Information Systems (HIS) act as FDA approved black boxes that cannot be patched, updated, or secured by anyone other than the manufacturer. Moreover, these unpatched devices provide back doors to cyber criminals to invade the HIS. These devices are soft targets for cyber criminals. So far, we have not come across any mechanisms that address the surveillance of these devices for cyber security. In this paper, we analyzed the post-sale surveillance regulations in Australia. Based on our findings, we present fog-based POSTmarket SurveillanCe Of DEvices (POStCODE) middleware that provides the operational details (excluding the private data of patient) of the devices directly to the manufacturers. The introduction of the POStCODE will give device manufacturers the means to closely monitor the functioning of their devices. Manufacturers will be able to upgrade devices, patch security vulnerabilities and monitor device performance thereby enhancing health care outcomes. The POStCODE middleware enhances device security whilst building partnerships between the health care facilitators and the device manufacturers.