New report calls for enhancing cybersecurity in medical devices

HSCC has issued a new report providing recommendations, saying that there is a need for improving the cybersecurity of medical devices in order to make sure that patient care doesn’t get affected.

Recently, the Healthcare and Public Health Sector Coordinating Council (HSCC), which is a public-private association, has published a 53-page report providing recommendations on how to manage the cybersecurity of medical devices in clinical practice. The document is called the Medical Device and Health IT Joint Security Plan (JSP), and it put emphasis on the point that aligning security standards and risk estimations, together with reporting susceptibilities, are the collective responsibilities of both manufacturers and healthcare establishments.

The group that made the recommendations were co-led by Mayo Clinic, BD, and FDA. According to the report, the main has been to appeal to the organizations to make a commitment to executing the JSP, and it can be expected that it will certainly have a positive effect on the safety of the patients.

The JSP initiative came out as a result of an effort made by the Health Care Industry Cybersecurity (HCIC) Task Force in 2017 to fortify the cybersecurity of medical devices and health IT. The HCIC was founded by HHS under the Cyber Security Act of 2015 to ascertain the trials that are being faced by the healthcare industry in protecting itself against cybersecurity threats.

Why it matters?

As said by the JSP, assimilating security measures into existing procedures can be a difficult task. Reasons for this can differ, together with organizations not being able to comprehend the significance of cybersecurity measures for medical devices, not knowing where to begin, and lack of sufficient resources.

In view of that, HSCC, comprising of over 60 representatives from the Food and Drug Administration (FDA), the medical technology and health IT industries and healthcare service organizations, announced a new report on how the medical devices can be kept safer.

As has been stated by the report, medical technologies based on software can have a positive effect on patient care. On the other hand, as these medical products are becoming more linked, cybersecurity of medical devices becomes progressively more important as there is always the chance that patients might get harmed and their care might get disrupted, if products or clinical operations become obstructed as a result of cybersecurity distress.

Cybersecurity and FDA

Cybersecurity stays at the front position of regulatory efforts in medical technology and health IT. FDA needs the device makers to submit a software bill of materials as part of premarket submissions. The agency is also implying that there might be more actions that would require companies to embrace the procedures for the synchronised revelation of susceptibilities as they are identified. FDA is also in the middle of a two-day public workshop concerning the content of premarket submissions for cybersecurity management in medical devices.

Just the preceding year, FDA came out with its Medical Device Safety Action Plan and draft guidance on cybersecurity thoughts for premarket submissions. FDA also made its partnership with the Department of Homeland Security official.

In a press release, Suzanne Schwartz, who is the associate director for science and strategic partnerships at FDA’s Center for Devices and Radiological Health, said that the FDA is working with participants, for instance, HSCC because of the fact that the agency knows that it is not completely able to secure medical devices from cybersecurity threats all on its own.

The objective is to make sure that the healthcare sector can proactively react when cyber vulnerabilities are recognized in the products.

Image credit: www.istockphoto.com