HSCA Releases Extensive Cybersecurity Considerations
In an effort to help device manufacturers, and healthcare and service providers mitigate cybersecurity risks in the supply chain, Healthcare Supply Chain Association (HSCA) has published important considerations and recommendations for each respective party.
“Maintaining device and information security is a shared responsibility of the manufacturers and suppliers of connected devices and services as well as the providers that use them. Providing this security is a continual effort that requires vigilance, adaptation, and ongoing communication and collaboration between the parties.” – HSCA
Register for the Medical Cybersecurity & Patch Management conference | Attend in-person or virtually | May 1 – 2, 2018 | Learn moreHSCA makes several recommendations to healthcare providers and medical device and service suppliers, including:
- Assigning an IT or network security officer who is responsible for security within the organization
- Employee cybersecurity training for those with network access
- Putting processes in place to ensure adequate updates and patches are made to software, firmware and third-party applications
- Installation of firewalls and network segmentation that restricts user access to systems and databases
- Enforcement of password policies that are NIST and ISO compliant
- Providing an MDS2 for any medical device that can be connected to a network
- Providing device upgrade paths to providers at no extra cost for legacy devices
- Participation in an information sharing and analysis organization (i.e., National Health Information Sharing and Analysis Center or Medical Device Vulnerability Intelligence Program for Evaluation and Response)
HSCA has made two key documents available: Recommendations for Medical Device Cybersecurity Terms and Conditions and Medical Device and Cybersecurity: Key Considerations for Manufacturers & Healthcare Providers
Related Articles
-
The corrective action is intended to reduce the risk of patient harm as a result of cybersecurity vulnerabilities in the products.
-
Industry shifts focus to proactive measures in addressing vulnerabilities and promoting cybersecurity.
-
The recently released draft guidance on cybersecurity stresses the importance of preparation versus reaction.
-
The agency clarifies some misconceptions about requirements.
-
The healthcare industry has a new set of threats on its hands.
-
A cybersecurity researcher identified eight vulnerabilities, ranging in severity from low to critical, in Smiths Medical’s Medfusion 4000 wireless infusion pumps.
-
Next month cybersecurity experts from FDA, medical device companies and other healthcare organizations with gather to talk strategy and best practices for designing and evaluating secure technologies.
