Citing the increasing number of cyber attacks in healthcare and concern about the potential for targeting medical devices, the FDA announced in an October 1, 2018 press release the publication of its Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook.
The playbook was prepared in collaboration with MITRE, a non-profit, government-funded research and development organization that explores new uses of technologies to assist government agencies in solving problems.
The 38-page playbook outlines a framework for developing a regional collaborative approach to preventing and responding to cyber attacks targeting medical devices. Although the agency isn’t aware of any reports of an unauthorized user exploiting medical device cybersecurity, the FDA said it developed the playbook as a result of a number of security vulnerabilities identified by “white hat hackers.”
While the thrust of the document is aimed at healthcare delivery organizations (HDOs) and other stakeholders including clinicians, IT, risk management and facilities staff, it also identifies device manufactures as having a role in prevention and response.
The recommendations call for organizations integrating cybersecurity preparedness into their overall emergency preparedness planning including regional coordination.
The first step to developing a successful preparedness plan on a regional level, the playbooks says is building trust relationships with partners including device makers. The recommendations call for NDAs that protect sensitive incident information while facilitating information sharing either with the Health Information Sharing and Analysis Center (H-ISAC) or Information Sharing and Analysis Organization (ISAO) acting as an initial conduit.
Here are some other specific recommendations affecting device makers:
The goal of the playbook framework is to establish an understanding of roles and responsibilities of responders internal and external to the HDO that will help to clarify lines of communication and concepts of operations across HDOs, medical device manufacturers, state and local governments, and the federal government. The playbook is available online.
Whether you are facing issues with regulatory processes or cybersecurity Kapstone Medical has the experience and expertise to assist you through all phases of the device development and commercialization. For more information contact us today at (704) 843-7852 – or by email at info@kapstonemedical.com.