Report: Cyber Security Needs to be Designed into Medical Devices at the Outset

Cyber security concerns should be a factor as early as the design phase of software-based medical devices, according to the new “Cyber Security and Health IT Joint Security Plan” developed by the Washington, D.C.-based Healthcare and Public Health Sector Coordinating Council.

Software-based medical technologies have the potential to positively impact patient care. As these products become more connected, however, product cyber security becomes increasingly important, because a cyber security breach that affects products or clinical operations could harm patients and disrupt care.

Security can be difficult to integrate into existing processes for a variety of reasons, such as organizations not recognizing its importance, not knowing where to start, and not having sufficient resources, according to the report. The HSCC recommends that the JSP be used to help create security policy and procedures that align with and integrate into existing processes. Patient safety will be positively impacted as a result.

“The medical device industry recognizes that, as patient care is increasingly provided across a networked and internet-connected environment, security in turn needs to keep pace with the technological innovation that is driving patient care,” says Rob Suarez, director of product security at Becton Dickinson. “The JSP provides a scalable security roadmap for large and small manufacturers, and the customers they serve.”

Other areas that require special attention, according to the report, include the handling of product complaints relating to cyber security incidents and vulnerabilities, managing security risk throughout the lifecycle of medical technology, and assessing the maturity of a product cyber security program.

The HSCC is a public-private partnership of healthcare companies and providers developing collaborative solutions to mitigate threats to critical health care infrastructure.