Device functionality, stakeholders are the focus of the update to the medical device safety guide

MITRE and the FDA updated the year-old Regional Medical Device Cybersecurity Incident Preparedness and Response Handbook with a focus on device functionality and stakeholder preparedness and response. (Army)

MITRE and the Food and Drug Administration have released an update to their Regional Medical Device Cybersecurity Incident Preparedness and Response Handbook, with particular emphasis on incidents that could affect a device’s operation and on the importance of involving a wide range of stakeholders in preparedness and response activities.

“Threats or vulnerabilities that raise patient safety concerns and have the potential to impact multiple patients at scale are of particular concern,” the report said. “The playbook is not intended to facilitate day-to-day device risk management.”

Overall, the playbook is intended as a starting point for entities that do not have a medical device cybersecurity response plan in place and can be integrated into existing response plans. It should be seen as a tool for preparedness and response activities.

Released just over a year ago, the resource aims to help organizations prepare for the inevitable cyber incident by focusing on proactive cybersecurity measures and on understanding the response measures needed for cyber disruptions that create security issues for medical devices.

The FDA worked with MITRE and the Medical Device Innovation Consortium (MDIC) on the development of the initial release and the update in hopes of helping entities develop a systemic and consistent threat modeling process for these critical challenges. The groups held several threat modeling bootcamps for device makers, which informed the guidance.

Updates include information on building diverse teams, including clinicians, health technology management, IT and other departments, to participate in preparedness and response exercises, as well as a new resource appendix with tools and references to better understand the most important elements of response teams.

The insights revolve around the critical need to consider the operational impacts of extended and widespread downtime when recovering from a cyberattack and the benefit of leveraging regional response models and partners.

The release follows the cyberattack and subsequent network outages at CommonSpirit Health care sites across the country. The health system’s electronic health record system and critical care devices were offline for more than a month after the initial incident, and the health system only recently brought the majority of its systems back online.

The outages led to a diversion of care and paper-based processes, with patients reporting to local media that their care had been heavily impacted during this time.

Indeed, when SC Media last spoke with Margie Zuk, Principal Cybersecurity Engineer, and Penny Chase, Information Technology and Cybersecurity Integrator, of the MITRE Cyber Solutions Tech Center, the health officials urged supplier organizations to return to proactive security measures and practice response plans.

“Priorities will change as people understand the implications of attacks on downstream hospitals,” Zuk said at the time. “Especially with healthcare, they have so many goals to achieve in a hospital, and patient safety is their primary focus. People are realizing that security is an important part of it due to the impacts of cyber attacks. I don’t think people previously tied this together as closely as they do now.”

