News Feature | October 17, 2014

Medical Device And Healthcare Cybersecurity Workshop Scheduled

Christine Kern

By Christine Kern, contributing writer

HTO_Mobile_Devices

The FDA and DHS are offering a public workshop to address HPH cybersecurity challenges and collaboration.

The Food and Drug Administration and the Department of Homeland Security have announced a public workshop to deal with Medical Device and Healthcare Cybersecurity as part of National Cybersecurity Awareness Month. The workshop is designed to join stakeholders in the healthcare and public health (HPH) sector in collaboration to identify and address HPH cybersecurity challenges and solutions.

“The purpose of the meeting is to catalyze collaboration in the healthcare and public health sector to more fully address medical device cybersecurity,” Suzanne Schwartz, M.D., director of emergency preparedness/operations and medical countermeasures at FDA’s Center for Devices and Radiological Health, explained in blog.

The meeting will bring together medical device manufacturers; healthcare providers; biomedical engineers; IT system administrators; professional and trade organizations; insurance providers; cybersecurity researchers; local, state and federal government staffs; and representatives of information security firms.”

According to Schwartz, because cybersecurity of medical devices is an important part of public health safety, the FDA has entered into a partnership with the National Health – Information Sharing and Analysis Center (NH-ISAC), a non-profit organization that closely cooperates with government agencies and numerous healthcare and public health organizations. Schwartz writes, “The partnership will enable FDA and NH-ISAC to share information about medical device cybersecurity vulnerabilities and threats. It will foster the development of a shared risk framework where information about medical device vulnerabilities and fixes is quickly shared among health care and public health stakeholders.”

The FDA also released a final guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices on October 1, which recommends that manufacturers incorporate cybersecurity risks into the design and development of a medical device, and submit documentation to the FDA about the identified risks and established mitigation controls.