The Exploit Prediction Scoring System (EPSS) can help healthcare organizations prioritize security vulnerabilities, but it has limitations in IoMT environments. While EPSS provides valuable data-driven prioritization, it should be combined with other risk assessments, cybersecurity frameworks, and strategies to more comprehensively secure healthcare systems’ IoMT devices.
Information Sharing and Analysis Centers (ISACs), developed to help critical infrastructure industries prevent and become more resilient to cyber and physical security attacks, are expanding their strategies to meet ever-evolving threats. Errol Weiss, Chief Security Officer of the Health-ISAC, discusses how these groups work to protect industry, emerging threats and how device developers and healthcare organizations are working together to protect patients.
Dave Bailey, VP of Consulting Services at Clearwater Security, highlights the need for top-down support in managing healthcare-related cyber risks and how the new NIST Cybersecurity Framework can help enhance cybersecurity in healthcare and MedTech organizations.
IoT is a key factor in patient-focused digital transformation. The technology enhances precision lab equipment and operations, providing greater clarity of medical data, streamlining experimentation and fueling industrial automation.
The new draft guidance proposes select updates to the FDA guidance document “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” and focuses on information FDA considers necessary to support obligations under section 524B of the FD&C Act, “Ensuring Cybersecurity of Devices.”
The National Institute of Standards and Technology (NIST) has updated its Cybersecurity Framework (CSF) guidance document for reducing cybersecurity risk. The new 2.0 edition is designed for all audiences, industry sectors and organization types. This is the framework’s first major update since its creation in 2014.
As part of its reorganization of the CDRH, the FDA has elevated the Office of Strategic Partnerships and Technology Innovation (OST) to a Super Office that will include the Office of Supply Chain Resilience (OSCR), Digital Health Center of Excellence (DHCoE), Office of Technology and Data Services (OTDS), Office of Readiness and Response (ORR) and Office of Equity and Innovative Development (OEID).
“We’re excited to have Naomi in this role. With her FDA experience, her visionary approach will pave the way for success, ensuring that businesses not only meet the FDA’s stringent requirements but also thrive in an environment where cybersecurity is a fundamental business value.”
In addition to addressing cybersecurity risk management during the design and development of medical devices, the standard also contains clear guidance related to postmarket monitoring of device vulnerabilities, security measures such as patching, and the use of a software bill of materials.
As with most industries experiencing steady growth, the medtech market faces several challenges, including supply chain issues, price inflation on materials and energy, labor shortages and increasing regulations. Adopting cloud-based digital solutions can help address these challenges. For companies investigating new solutions, the State of Manufacturing Technology survey can serve as a valuable benchmarking tool.
