New HSCC Publication Aims to Help Device, Drug Makers Improve Cyber Response
Read the full article in Healthcare Infosecurity here:
Article excerpt:
Medical product manufacturers often face the same cyber incident response challenges as their peers in other industries, such as constraints in skills and technologies, said Phil Englert, vice president of medical device security at the Health Information Sharing and Analysis Center (Health-ISAC), and a contributor to the HSCC playbook.
But manufacturing processes to ensure medical products perform as intended are essential to protecting public health and may require reporting to other government agencies such as the Department of Health and Human Services or the Cybersecurity Infrastructure and Security Agency, he told Information Security Media Group.
For instance, “under section 506J of the Federal Food, Drug, and Cosmetics Act, during or in advance of a public health emergency, manufacturers of certain medical devices must notify the FDA of an interruption or permanent discontinuance in manufacturing,” he said.
“In addition to framing the incident severity assessment in terms of business impact, national security, or civil liberties, the guidance also impacts public health or safety in the incident response planning,” he said.
“Additionally, the guidelines infuse regulatory considerations into the cyber incident response team process, including reporting suspected or confirmed incidents to Health-ISAC and other information-sharing and analysis organizations.”
