The Medical Imaging & Technology Alliance (MITA) has issued a new medical device security standard that gives healthcare delivery organizations (HDOs) key information about risk management and the security controls that protect medical devices against suspicious access and cyberattacks.
The new voluntary standard, the Manufacturer Disclosure Statement for Medical Device Security (MDS2) (NEMA/MITA HN 1-2019), was developed jointly with a diverse group of industry stakeholders and conforms to the U.S. Food and Drug Administration (FDA) Medical Device Cybersecurity Playbook, published in October 2018.
The guidance points out that the cybersecurity of healthcare devices is a shared responsibility. HDOs need to work with medical device manufacturers to make sure that guidelines are implemented. Device manufacturers, HDOs, government organizations, and cybersecurity analysts should work together to ensure that risks to medical devices are controlled and reduced to acceptable and appropriate levels.
The new standard is designed to streamline communications between HDOs and device manufacturers, improve transparency, and clarify the responsibilities of each with regard to the security of medical devices.
Tim Walsh, Principal Information Security Analyst of CIS Operations, Mayo Clinic, and a member of the MDS2 Canvass Group, said that transparent information and the speed of getting that information from companies to HDOs are critical, and that this standard helps to foster each.
The new standard includes information on the basic security controls built into medical devices to ensure that they meet industry specifications and can be used safely and securely; nonetheless, it is the HDOs' obligation to make certain that the devices are installed appropriately. HDOs should examine medical device security controls and determine whether they are suitable, work within the HDO's own environment, and allow risk to be properly controlled and monitored.
Worksheets are provided for examining the characteristics and security functionality of each medical device. They cover the requirements, the management of personally identifiable information, authorization controls, audit controls, data backup and disaster recovery features, anti-malware protections, data integrity controls, connectivity, node authentication, security guidance, how cybersecurity upgrades will be handled over the course of the device lifecycle, and other key information for HDOs.
Medical device manufacturers need to complete the worksheets to give HDOs the technical information they will require to carry out their own security risk assessments and develop their security risk management plans.
Although the MDS2 form contains vital technical details on medical devices, MITA stated that it is not meant to be used as the sole basis for medical device procurement, because writing medical device procurement specifications demands a more extensive knowledge of an HDO's security environment and healthcare mission.
The details on the MDS2 form have to be combined with complete information gathered about the care delivery environment in which the devices are going to be used. Tools such as ECRI's Guide for Information Security for Biomedical Technology are helpful in this respect.