Health-ISAC published a whitepaper addressing the tasks needed to maintain the cyber resilience of medical devices and how the responsibilities may shift from party to party throughout the total product. As medical devices move through the lifecycle phases, the responsibility for tasks may transfer between the manufacturers and the customer. The Health-ISAC whitepaper identifies that communication between the two parties is essential as the device moves through the lifecycle so that tasks are coordinated, and security gaps within the product are reduced.
Titled ‘Exploring the Cybersecurity Roles of Manufacturers and Healthcare Organizations During the Medical Device Lifecycle,’ the white paper identified that medical devices go through four lifecycle phases, with varying levels of responsibilities placed on the medical device manufacturer and the healthcare delivery organization. Healthcare delivery organizations (HDOs) should perform more regular risk assessments going into end of life (EOL) and end of support (EOS) to determine if they can accept the risk of continued use. It also points out that the responsibility for maintaining a medical device’s cybersecurity posture evolves throughout the lifecycle of a device.
Read the full article in Industrial Cyber. Click Here
