The Healthcare and Public Health Sector Coordinating Council (HSCC) has issued the latest cybersecurity framework for medical devices. Medical device sellers, healthcare suppliers, and other healthcare industry stakeholders that implement the voluntary framework will be able to improve the safety of medical appliances throughout their lifecycle.
The HSCC is a union of private sector crucial healthcare infrastructure units that have associated with the government to find and mitigate dangers and exposures facing the healthcare sector. The group includes over 200 healthcare industry and government companies. Collectively they work on developing strategies to tackle present and evolving cybersecurity challenges encountered by the healthcare sector.
Over 80 companies contributed to the growth of the Medical Appliance and Health IT Joint Security Plan (JSP), which builds on commendations made by the Healthcare Industry Cybersecurity Task Force founded by the Division of Health and Human Services after the passing of the Cybersecurity Information Sharing Law of 2015.
“It is vital for medical device producers and health IT sellers to take into account the JSP’s voluntary framework and its related plans and templates all through the lifecycle of medical devices and health IT as doing so is expected to lead to better security and therefore better products for patients,” clarified HSCC.
Cybersecurity controls can be tough to incorporate into existing procedures. Companies often fail to know how vital safety controls are, and when considering how to increase cybersecurity many don’t know where to begin or have inadequate resources to dedicate to the job. The framework assists by providing direction on how to create a safety policy and procedures that ally with and integrate into present procedures.
HSCC is urging companies to commit to applying the JSP as it is thought that by doing so patient security will be enhanced.
The JSP can be adopted by companies of all sizes and stages of maturity and assists them to increase cybersecurity of medical devices by tackling main challenges. A lot of big producers have already generated similar cybersecurity programs to the JSP, therefore it is likely to be of most use for small to medium-sized firms that lack consciousness of the steps to take to improve cybersecurity and those with fewer resources to dedicate to cybersecurity.
The JSP uses safety by design rules and identifies shared responsibilities between industry stakeholders to synchronize safety standards, risk assessment methods, reporting of weaknesses, and improve information sharing between appliance producers and healthcare suppliers. The JSP covers the whole lifecycle of medical appliances, from development to deployment, management, and end of life. The JSP contains numerous recommendations including the inclusion of cybersecurity measures during the design and development of medical appliances, handling product complaints linked to cybersecurity events, alleviation of post-market weaknesses, managing safety risk, and decommissioning appliances at end of life.
The Medical Appliance and Health IT Joint Security Plan can be downloaded on this link.