Post Topic: Medical Device Security

AI, Ransomware, and Medical Devices: Safeguarding Healthcare

McCrary Institute Cyber Focus Podcast

Host Frank Cilluffo interviews Errol Weiss, Chief Security Officer at the Health Information Sharing and Analysis Center (Health-ISAC).

They discuss the evolving cybersecurity challenges in the healthcare sector, including ransomware, supply chain vulnerabilities, and the critical need for better security measures to protect medical devices and patient data. Weiss shares insights from his extensive experience in both healthcare and financial services cybersecurity, highlighting lessons learned, the role of information sharing, and the importance of proactive measures to mitigate risks.

Listen to the podcast on YouTube.

Topics include:

  • Health and Ransomware

  • Outages in hospitals

  • Health cyber budgets

  • Security and Compliance

  • Lessons from FS

  • Future technology

  • Medical Devices

  • Cross-sector info sharing

  • Practical steps toward security

Leveraging ISO 81001-5-1 Amid Medical Device Procurement

Blog by Health-ISAC VP of Medical Device Security, Phil Englert

The ISO 81001-5-1:2021 standard, "Health software and health IT systems safety, effectiveness and security," provides guidelines for the cybersecurity of health software and health IT systems, including medical devices. Part 5-1 focuses on security activities in the product life cycle. This standard is critical for ensuring that medical devices are secure by design, protect patient data, and maintain the integrity of health care operations.

The Secure Product Development Framework (SPDF) provides manufacturers with a set of processes that, when effectively implemented, can help manufacturers demonstrate a reasonable assurance of safety and effectiveness during the regulatory submission process. Manufacturers should integrate security into each phase of the development process, from design to deployment.

Read the full blog in TechNation.

Enhancing Cybersecurity in Rural Hospitals

Blog by Health-ISAC VP of Medical Device Security, Phil Englert

Rural hospitals face unique challenges, including financial constraints and staffing shortages.

Between 2010 and 2021, 136 rural hospitals closed, and a Crisis in Rural Healthcare report states that 600 more of the remaining 1,796 are at risk of closing.

HealthITSecurity.com reports that “Cyberattacks are pivoting to target smaller health care companies and specialty clinics without the resources to protect themselves, instead of larger health systems that – despite being treasure troves of personal and medical data – generally have more sophisticated security.” Most smaller hospitals are connected to larger systems, becoming the “path of least resistance” into those larger health care networks and increasing risk on a national level.

Read the full blog in TechNation.

Cyber Incident Response: Playbook for Medical Product Makers

New HSCC Publication Aims to Help Device, Drug Makers Improve Cyber Response

Read the full article in Healthcare Infosecurity.

Article excerpt:

Medical product manufacturers often face the same cyber incident response challenges as their peers in other industries, such as constraints in skills and technologies, said Phil Englert, vice president of medical device security at the Health Information Sharing and Analysis Center (Health-ISAC), and a contributor to the HSCC playbook.

But manufacturing processes to ensure medical products perform as intended are essential to protecting public health and may require reporting to other government agencies such as the Department of Health and Human Services or the Cybersecurity and Infrastructure Security Agency, he told Information Security Media Group.

For instance, “under section 506J of the Federal Food, Drug, and Cosmetics Act, during or in advance of a public health emergency, manufacturers of certain medical devices must notify the FDA of an interruption or permanent discontinuance in manufacturing,” he said.

“In addition to framing the incident severity assessment in terms of business impact, national security, or civil liberties, the guidance also impacts public health or safety in the incident response planning,” he said.

“Additionally, the guidelines infuse regulatory considerations into the cyber incident response team process, including reporting suspected or confirmed incidents to Health-ISAC and other information-sharing and analysis organizations.”
