The Healthcare and Public Health Sector Coordinating Council (HSCC) on Wednesday released new recommendations for manufacturing and managing the security of medical devices for clinical practice.
The voluntary, consensus-based Health Industry Cybersecurity Practices (HICP) is the culmination of a year and a half of industry and government experts identifying the five most prevalent cyber threats and the ten best practices to deal with them.
Shortly after releasing the HICP resource, the HSCC released the Medical Device and Health IT Joint Security Plan (JSP), which is a total product lifecycle reference guide for developing, deploying, and supporting cyber secure technology solutions in the healthcare environment.
It is scalable for small, medium and large organizations, and if implemented, should measurably reduce risk across the healthcare ecosystem.
The JSP was developed over the past year.
The JSP responds to a set of recommendations issued in June 2017 by the Health Care Industry Cybersecurity (HCIC) Task Force, which urged strong efforts toward increasing the security and resilience of medical devices and health IT.
The HCIC was established by the Department of Health and Human Services at the direction of the Cybersecurity Act of 2015.
The JSP utilizes “security by design” principles throughout the product lifecycle of medical devices and health IT solutions. It identifies the shared responsibility between industry stakeholders to harmonize security-related standards, risk assessment methodologies, and vulnerability reporting requirements to improve information sharing between manufacturers and healthcare organizations.
The JSP will be a living document and will be updated as required to adapt to the ever-changing threat environment for medical devices and health IT solutions.
“Securing medical devices from cybersecurity threats cannot be achieved by the FDA on its own,” said Suzanne Schwartz, M.D., associate director for science and strategic partnerships at the FDA’s Center for Devices and Radiological Health.
“That’s why the FDA has long been committed to working hard with various stakeholders like the HSCC to stay a step ahead of constantly evolving cybersecurity vulnerabilities. In this way,” Schwartz concluded, “we can help ensure the health care sector is well positioned to proactively respond when cyber vulnerabilities are identified in products that we regulate.”
The HSCC is an industry-driven public-private partnership of healthcare companies and providers developing collaborative solutions to mitigate threats to critical healthcare infrastructure.