POStCODE middleware for post-market surveillance of medical devices for cyber security in medical and healthcare sector in Australia

Authors

Junaid Chaudhry
Craig Valli, Edith Cowan UniversityFollow
Michael Crowley, Edith Cowan UniversityFollow
Jon Haass
Peter Roberts, Edith Cowan UniversityFollow

Document Type

Conference Proceeding

Publication Title

12th International Symposium on Medical Information and Communication Technology (ISMICT) 2018

Publisher

IEEE

School

ECU Security Research Institute / School of Science / School of Medical and Health Sciences

RAS ID

29446

Comments

Chaudhry, J., Valli, C., Crowley, M., Haass, J., & Roberts, P. (2018). POStCODE middleware for post-market surveillance of medical devices for cyber security in medical and healthcare sector in Australia. In the IEEE 2018 12th International Symposium on Medical Information and Communication Technology (ISMICT) (pp. 1-10). Available here

Abstract

Postmarket surveillance for cyber security of medical devices is an area within the critical infrastructure of health care and public health that has been largely neglected. In developed countries post market quality assurance is passive following complaints from the health care institutions to the manufacturers of the medical devices. Recently, the individual devices can be made traceable allowing any malfunctions to be uniquely identified in each device. There is a lack of clarity on post-sale ownership and management of devices and the updates to the device software. These devices, once plugged into Healthcare Information Systems (HIS) act as FDA approved black boxes that cannot be patched, updated, or secured by anyone other than the manufacturer. Moreover, these unpatched devices provide back doors to cyber criminals to invade the HIS. These devices are soft targets for cyber criminals. So far, we have not come across any mechanisms that address the surveillance of these devices for cyber security. In this paper, we analyzed the post-sale surveillance regulations in Australia. Based on our findings, we present fog-based POSTmarket SurveillanCe Of DEvices (POStCODE) middleware that provides the operational details (excluding the private data of patient) of the devices directly to the manufacturers. The introduction of the POStCODE will give device manufacturers the means to closely monitor the functioning of their devices. Manufacturers will be able to upgrade devices, patch security vulnerabilities and monitor device performance thereby enhancing health care outcomes. The POStCODE middleware enhances device security whilst building partnerships between the health care facilitators and the device manufacturers.

DOI

10.1109/ISMICT.2018.8573695

Access Rights

subscription content