To help device manufacturers and healthcare and service providers mitigate cybersecurity risks in the supply chain, the Healthcare Supply Chain Association (HSCA) has published important considerations and recommendations for each party.
“Maintaining device and information security is a shared responsibility of the manufacturers and suppliers of connected devices and services as well as the providers that use them. Providing this security is a continual effort that requires vigilance, adaptation, and ongoing communication and collaboration between the parties.” – HSCA
HSCA makes several recommendations to healthcare providers and medical device and service suppliers, including:
- Assigning an IT or network security officer who is responsible for security within the organization
- Employee cybersecurity training for those with network access
- Putting processes in place to ensure adequate updates and patches are made to software, firmware and third-party applications
- Installation of firewalls and network segmentation that restricts user access to systems and databases
- Enforcement of password policies that are NIST and ISO compliant
- Providing an MDS2 for any medical device that can be connected to a network
- Providing device upgrade paths to providers at no extra cost for legacy devices
- Participation in an information sharing and analysis organization (i.e., National Health Information Sharing and Analysis Center or Medical Device Vulnerability Intelligence Program for Evaluation and Response)
HSCA has made two key documents available: "Recommendations for Medical Device Cybersecurity Terms and Conditions" and "Medical Device and Cybersecurity: Key Considerations for Manufacturers & Healthcare Providers".