A Review of the Impact of Cybersecurity in High-risk Medical Devices And In-vitro Medical Devices All Over The World

In modern healthcare systems, medical devices play a major role. They include personalized medical devices, which improve the patient's lifestyle because they can be remotely monitored and their data can be transmitted. These data transmissions increase the number of connections to existing computer networks. Being interoperable and interconnected, these personalized medical devices provide great benefits such as improved sensing and actuating capabilities. But the problem with highly connected computer networks is that they expose medical devices to a high level of cybersecurity vulnerability. The main targets are pacemakers and institutions like hospitals and clinics. Hackers can easily hack medical devices and change prescriptions. So a cybersecurity breach can leak a patient's sensitive and confidential data and put the patient's life at risk. These multifaceted problems must be viewed from a systematic perspective, and preventing them requires governance, technical controls, regulation, and standards.

Recent advances in technology have transformed the healthcare system in ways that tend to improve patient care. One of the major parts of the healthcare system is the pharmaceutical sector, and medical devices are a critical aspect of it 1. After being implanted in the body or attached to the patient externally, they serve a critical function by providing continued automated assistance to save lives. The medical devices attached to a single patient are commonly referred to as Personalized Medical Devices (PMDs) 2. The devices implanted in the patient's body are called Implantable Medical Devices (IMPDs). PMDs are medical devices with small firmware and modern hardware. They are wireless, mobile, and user-friendly, and they are interconnected and interoperable as well. The interconnectivity and interoperability may provide a great benefit, but they also expose the medical device to major risk concerns such as cybersecurity breaches and cybersecurity vulnerabilities that can be exploited maliciously or triggered intentionally. This can affect the device's performance and can harm the patient by producing illness, injury or death 3. So all the stakeholders, such as Government, Hospitals, Healthcare organizations, and Medical Device Industries, are responsible for maintaining the safety of the patient as well as the medical device.
High-risk medical devices such as cardiac pacemakers, insulin pumps, and implantable pulse generators can be easily controlled and monitored from mobile phones over Bluetooth or an internet connection 4. Some patients, such as prominent public figures, are at greater risk of cybersecurity attacks. These attacks can do greater harm to the patients, and if this information is reported in the media it will greatly damage the reputation of lifesaving medical implants. Usually, private information about high-risk medical devices is stored in Electronic Health Records (EHR). It has been reported that 90% of medical devices and Electronic Health Records have been the victims of cyberattacks 5.
Because of these risks, the software and hardware used in high-risk medical devices require approval prior to marketing, and high-risk medical devices and IVDs require remote monitoring after being marketed, to prevent and reduce cyberattacks. One of the common methods is to apply security standards and policies, including cyberattack awareness programs. The trends of cybersecurity can be understood based on two aspects: (1) weakness and bug detection in the system, and (2) identifying the cyber hackers and their methods 6.
In this paper, we discuss the methods that can be used to enhance safety, security, and privacy for medical devices that are controlled over the Internet while at the same time enabling higher mobility and remote monitoring.

Cybersecurity incidents
Among medical devices, insulin pumps and pacemakers face the greatest cybersecurity impact. Research from the Archimedes - Ann Arbor Research Center for Medical Device Security at the University of Michigan has demonstrated the potential compromise of implanted devices 30. Insulin pump web interfaces, hard-coded administration passwords, and internet-accessed devices have been found to be highly vulnerable in hospital environments, and internet-accessed devices without authentication and encryption are the most vulnerable 31,36.

Data transmission in medical devices
Nowadays radio frequency is commonly used for data transfer 37. The radio-frequency band for implants and pacemakers is 402-405 MHz; this band is common to devices all over the world, which makes the devices more vulnerable. The process of broadcasting on or misusing radio frequency is called "radio piracy" 11.
Electromagnetic interference is another major concern: non-cardiac external signals, for example from airport scanners, smartwatches, and mobile phones, interfere with the cardiac signals and manipulate them 38. Filters such as bandpass filters can be used to filter out the unwanted interference of non-cardiac waves with medical devices 12,35.
Radiofrequency identification is a part of radiofrequency, but it differs in that it can carry more data while its range is comparatively shorter. There are two types, active and passive 27. Active requires a battery source and is more complex, unlike passive, which can deliver less data but has a shorter bandwidth 33. The shorter the bandwidth, the less opportunity there is for hackers, because it reduces the attack surface, whereas longer bands are costly to produce 29. This does not mean that devices that transfer data in shorter bands cannot be hacked: there is already a history of such hacks, for example banking cards, which use only shorter bands 12.

Ways to Protect Our Devices From Cybersecurity Risks

Increasing the security of the weakest link
Hackers usually target the weakest link, as it requires only a minimum amount of time. So they will target loopholes and insecure areas instead of targeting secured areas 22.

Multiple Defense mechanism
Instead of focusing on a single solution, focus on complex interconnected solutions, so that if one system fails the other interconnected systems will protect the device 23.

Level of trust
The level of trust between the application components is essential, and proper controls should be maintained to ensure that a proper level of trust is established in their interactions 26.

Hiding credentials
Keeping the encryption keys and passwords hidden is a critical task. So an in-depth approach should be established to keep the credentials private and safe 25.

Least privilege principle
Each function of a security system should be maintained with the least privilege, as maintaining the least privilege prevents or reduces any damage arising from loopholes in the system 19.

Default security
When designing systems, access decisions should be provided rather than denied, so that the user gets the option to accept or deny the program, which is much easier to design and safer 21.

Security Zoning
Encapsulation methods are used to create security zones (trust zones) to handle the damage caused by a breach of trust or access 20.

Simple Designs
Simple designs are systematically easy to use and to verify, which is why simpler designs are much preferred 18.

Privacy Promotion
Maintain privacy about the instructions and processes that describe how the system works, since these provide hackers with information about the system 24.

Incorrect assumptions
Incorrect assumptions are always a major concern, and major loopholes are due to these incorrect assumptions. So they should be avoided 13,14.

Cybersecurity and remote monitoring
The development of implantable medical devices has led to a reduction in their size; they typically have to rely on software alone for their functioning, and they are highly internet accessible compared to older devices 17. Implantable medical devices contain radio interfaces that are programmed through wireless communication with external device programmers 34. The benefits are many, but this broadens the attack surface, leaving the device vulnerable 28. Wireless attacks are much easier to launch, whereas analog attacks are comparatively harder because of the narrow attack surface 35. So remote monitoring of medical devices has become essential, and medical devices should be monitored periodically 15,16.
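
The incidents section notes that internet-accessed devices without authentication are the most vulnerable, and this section describes implants being programmed over a radio link. The sketch below is an added example, not code from this paper or from any device vendor: a programmer authenticates each command with an HMAC and a monotonic counter, so the device rejects forged and replayed frames. The frame layout, tag length, command name and per-device key are assumptions made for illustration, and confidentiality (encryption) is not covered.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 16   # assumption: HMAC-SHA256 tag truncated to 16 bytes for a small radio frame
HDR_LEN = 8    # assumption: 64-bit big-endian message counter


def build_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Programmer side: counter || command || HMAC(key, counter || command)."""
    body = struct.pack(">Q", counter) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class DeviceReceiver:
    """Device side: accept a command only if its tag verifies and its counter is new."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def accept(self, frame: bytes):
        if len(frame) < HDR_LEN + TAG_LEN:
            return None                      # too short to be a valid frame
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                      # forged, corrupted, or wrong key
        (counter,) = struct.unpack(">Q", body[:HDR_LEN])
        if counter <= self._last_counter:
            return None                      # replay of an earlier valid frame
        self._last_counter = counter         # advance only after full verification
        return body[HDR_LEN:]


if __name__ == "__main__":
    # Constructed demo: a random per-device key instead of a shared hard-coded password.
    key = secrets.token_bytes(32)
    device = DeviceReceiver(key)
    frame = build_frame(key, 1, b"READ_TELEMETRY")   # hypothetical command name
    print(device.accept(frame))    # accepted
    print(device.accept(frame))    # same frame again: rejected as a replay
```

The counter is advanced only after the tag verifies, so a rejected frame cannot be used to push the device's counter forward and lock out the legitimate programmer.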

CONCLUSION
The risk of cybersecurity has become a major concern, and in this paper we have learnt about the different types of cybersecurity attacks, major cybersecurity incidents, and the ways to prevent cybersecurity attacks. Each type of cybersecurity attack requires specific methods of prevention. The need to protect businesses' digital assets and medical equipment from cyberattacks has grown as a result of the development of the digital landscape. One of the difficulties in project management is balancing investments in security measures with rising development costs. Software testing experts and IT infrastructure staff need to incorporate security testing into their testing processes and regularly learn about security testing technologies and the most recent software and hardware security flaws. Given the multitude of rules, standards, frameworks, guidance documents, technical studies, and best practices on this subject, it has become more and more challenging to gain a clear understanding of regulatory requirements that address the security of connected medical devices and related software. While some standards lack explicit requirements on cybersecurity, they do offer some advice on how security controls should be implemented. In the software life cycle procedures, cybersecurity has grown to be of the utmost importance. The value of the company's goods and services can increase by putting in place a proactive security strategy against risks.