The Assignment Brief Details:

Instructions for completing your continuous assessment:

1. Answer twoof the question below. Each question will be values at 10% of the overall mark.
2. Submit via TURNITIN, as a PDF.
3. Use this sheet to provide your answers. Maintain the format of this sheet – do not reformat, resize, re-layout, or recolour.
4. Keep your answers as brief.

Submission Guidelines:

Length: Each section should be between 600-800 words.

Format: Submit your answers in a well-organized report format, using proper headings and subheadings for each section.

References: Cite all relevant regulatory guidelines, standards (e.g., ISO 14971), and academic literature to support your answers

Case study

Medtronic MiniMed Insulin Pump Recall and Cybersecurity Risk Management

Medtronic, a leading global medical device manufacturer, produces the MiniMed insulin pump, a crucial device for people with diabetes to self-administer insulin and manage their blood sugar levels. Insulin pumps like the MiniMed allow for precise control over insulin delivery, providing a significant improvement in quality of life for many patients.

In August 2018, Medtronic issued a recall for over 1,000 MiniMed insulin pumps due to a serious cybersecurity vulnerability. The U.S. Food and Drug Administration (FDA) raised concerns that hackers could exploit this vulnerability to gain control over the pump’s remote control. This breach could lead to unauthorized adjustments in insulin delivery, posing life-threatening risks, such as: Hypoglycemia: If the pump over-delivers insulin, causing dangerously low blood sugar levels. Hyperglycemia and Diabetic Ketoacidosis (DKA): If the pump ceases insulin delivery, leading to high blood sugar levels and potentially fatal ketoacidosis. Despite the significant potential risks, as of March 2020, the FDA reported that there were no known cases of patient harm due to this cybersecurity issue. Medtronic responded by advising customers to cease using the optional remote control feature rather than recalling the entire insulin pump.”

Additional information:

Journal Articles  (on blackboard)

• The First Recall of a Diabetes Device Because of Cybersecurity Risks
• Field safety notice

Question 1    (20 marks)

Describe the key stages in the product lifecycle of the Medtronic MiniMed insulin pump, from initial development to post-market surveillance. Discuss how product program management strategies can be used to integrate cybersecurity considerations at each stage.

Guidance: Focus on the design, development, production, and post-market phases. Consider how early identification of cybersecurity risks could have influenced the lifecycle management of the product.

Question 2    (20 marks)

Conduct a detailed risk assessment for the cybersecurity vulnerabilities identified in the Medtronic MiniMed insulin pump. What were the potential impacts on patient safety, and how should Medtronic have prioritized these risks in their overall risk management plan?

Guidance: Use a risk matrix to evaluate the severity and probability of the identified risks. Reference ISO 14971 and other relevant standards to justify your assessment.

Question 3 (20 marks)

Design a post-market surveillance system for the Medtronic MiniMed insulin pump, focusing specifically on monitoring cybersecurity risks. What key elements should be included to ensure timely detection and response to potential threats?

Guidance: Include incident reporting protocols, data collection methods, and communication strategies with regulatory authorities. Consider the use of automated monitoring tools and periodic security audits.