On December 18, 2024, Prof. Ajay Sood, the Principal Scientific Adviser (PSA) to the Government of India, chaired a meeting to review the progress of transforming India’s regulatory ecosystem for medical products. This meeting followed up on a previous discussion held on August 21, 2024, and was part of ongoing efforts initiated during the PM-Science Technology Innovation Advisory Council (PM-STIAC) meeting on February 6, 2024.
The PSA emphasized the need for a comprehensive overhaul of regulatory processes to enhance transparency, accountability, and innovation in the medical sector. Dr. Rajeev Raghuvanshi, Drug Controller General of India, reported on various initiatives, including maintaining India’s Maturity Level 3 position in the WHO’s National Regulatory Authority assessment for vaccines and the inauguration of a new drug testing lab in Bhubaneswar. Above all, the pertinent question arises– Why and how medical equipment needs to be regulated? As we are aware of, these equipment carry so much sensitive data which is an entry point for cyber-attackers.
For instance, In 2017 WannaCry ransomware attack accentuated the vulnerabilities of medical equipment, impacting over 200,000 computers worldwide and severely disrupting healthcare systems such as the UK’s National Health Service (NHS). In July 2015, the UCLA Health System suffered a data breach compromising the personal information of approximately 4.5 million patients.
The threats were further illustrated by the ransomware attack on MedStar Health in 2016, which paralyzed operations for several days. In 2020, the DCH Health System in Alabama was also attacked, forcing a reversion to non-digital methods and illustrating the broader impact on patient care. Concerns intensified in 2021 when the Cybersecurity and Infrastructure Security Agency (CISA) issued warnings about vulnerabilities in GE Healthcare devices, while the FBI highlighted the risks of inadequately secured medical devices.
In order to design a regulatory framework for medical equipment, we need to trace the genesis of technological advancement on these devices. Additionally, we have to closely analyse the manufacturing system including those countries who were historically associated with the product. As we know, from simple bloodletting tools in the past to today’s advanced imaging systems like MRI machines and life-support systems, the landscape of medical technology has transformed dramatically.
Modern medical devices are equipped with various technologies, including Internet of Things (IoT) connectivity, artificial intelligence (AI), and cloud computing capabilities, allowing them to not only operate effectively but also communicate and process vast amounts of data. In this context, we often forget to question those companies or tech leaders who are manufacturing these devices. Simply buying devices from manufacturers without closely monitoring software installed can exacerbate layers of challenge that could potentially undermine national interest.
As we know, cyber-attackers can target devices through various vectors, including unsecured Wi-Fi networks, inadequate software protections, and outdated firmware. Furthermore, with the integration of AI in medical devices, new vulnerabilities emerge. AI systems can optimize functionalities, such as predictive analytics in diagnostic tools, but they also introduce complexities in data integrity and system reliability. Malicious actors could exploit weaknesses within AI algorithms to manipulate outcomes, posing significant risks to patient safety and clinical decision-making.
The regulatory ecosystem surrounding medical equipment must undergo a comprehensive transformation. Authorities such as the Central Drugs Standard Control Organisation (CDSCO) in India are already taking proactive steps to enhance regulatory oversight by maintaining high standards of quality control while promoting indigenous manufacturing.
Quality control is critical, especially as India aims to boost its manufacturing capabilities and strive toward self-reliance in the production of medical devices. India can develop a competitive edge in the global market while protecting public health. Initiatives like the Medtech Mitra program help connect innovators with regulatory bodies, facilitating better communication and adherence to safety guidelines.
The way forward to secure national interests could be achieved diligently. First, focusing on indigenous manufacturing capabilities could be a game-changer. How? The medical science education institute needs a political will and visionary leaders oversight. Solely treating patient related education should not be the focus of healthcare education. Integration of computer science along with medical science by focusing on innovation and R&D could delineate dependency on other nations.
Secondly, mechanical engineering, software and health-care education systems can be developed jointly within our sovereignty. No need to make additional classrooms or put additional budgetary allocation to achieve this task. Just seminars and bootcamps efforts to foster innovative ideas can change the upcoming generation.
Thirdly, existing machines within our health-care system can give our scientists and innovators new information. Simply, reverse-engineering efforts can take us to new paths. This way, we can secure our interests and could become new leaders in healthcare related products. To achieve this target, GOI can invite interns or apprenticeship programmes for AI and Data scientists, mechanical, software and medical students to create a research wing within AIIMS or IIT.
Last but not the least, to rise in this sector, the initial stages of collaborating efforts are mandatory without disclosing project information. Furthermore, to make this happen, we may need a secure information technology system.
