A new program established by the U.S. Department of Veteran Affairs and UL aims to address the current gap for cybersecurity standards and practical certification approaches for connected medical devices as it relates to the patient safety risks and disclosure risks of the protected health information of veterans. Announced this morning, the Cooperative Research and Development Agreement Program (CRADA) project will help improve veteran patient safety and security by using UL’s Cybersecurity Assurance Program (CAP).
“Working together with the VA, we will contribute to industry-wide situational awareness of both medical device vulnerabilities and threats,” said Anura Fernando, UL Principal Engineer for Medical Software & Systems Interoperability. “We believe that this project will positively impact the direction that manufacturers take in improving the overall security posture of medical cyber assets.” In a recent interview with MedTech Intelligence, UL’s Anura Fernando discussed the CAP program and its impact on cybersecurity. Read “New Program Prepares Companies for Medtech Cyberattacks”.
Patching and reconfiguring medical devices has opened the vulnerability door, creating vulnerable software and thus significant challenges related to protecting devices against cybersecurity attacks. UL and the VA’s Office of Information & Technology will work to improve existing and emerging standards and practices related to network connectable medical devices, along with device data systems and related health information technology. It is anticipated that the CRADA project will accelerate medical device cybersecurity information sharing, and standards and lifecycle requirements in order to create a safety certification framework for Veterans.