Nonprofit to develop medical device security guidelines

The Center for Internet Security (CIS) announced an initiative to help bolster the protection of internet-enabled medical devices from cyber attacks. CIS has issued a request for information to U.S. medical device manufacturers to invite voluntary participation in the development of security control guidelines for reducing cyber risk to medical devices.

The guidelines will provide clear recommendations on how device manufacturers should securely configure medical devices. These benchmarks are intended to build upon the FDA's draft "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices."

The first benchmarks will be focused on insulin infusion pump technologies, with future benchmarks being developed for other medical devices on an ongoing basis.

Doctors and other healthcare providers are beginning to routinely access implanted medical devices (IMDs) such as insulin pumps, pacemakers and defibrillators over the internet, according to the CIS announcement. But this kind of access comes with risk. As indicated in recent safety notices issued by the FDA and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), hardcoded password vulnerabilities were found in approximately 300 medical devices. These findings make clear that the risks are real and much more needs to be done to improve cyber security within the medical device industry.

"The technological advancements that enable healthcare providers to embed life-saving devices and treat patients remotely are tremendous. We must do everything we can to protect those devices and the patients who rely on them. CIS is pleased to lead this collaborative effort to develop well-defined security baselines that can help further strengthen defenses against cyber attack," said William F. Pelgrin, CIS president and CEO.

CIS has been helping to build consensus on secure configuration settings across a range of information technologies for 13 years, and will bring this experience to assist manufacturers in developing configuration security benchmarks for their medical devices. CIS is teaming up on this initiative with the National Health Information Sharing and Analysis Center, a national coordinating center to help protect the nation's healthcare and public health critical infrastructure against security threats and vulnerabilities.

The first healthcare provider to join in this initiative is the Albany Medical Center, a nationally recognized academic health science center.

 

Beth Walsh, Editor

