HSCC releases medical device, health IT cybersecurity plan
A private-public coalition of healthcare stakeholders has issued a consensus-based guide for developing, deploying, and supporting cyber-secure medical devices and health IT across their product lifecycles.
A private-public coalition of healthcare stakeholders has issued a consensus-based guide for developing, deploying, and supporting cyber-secure medical devices and health IT across their product lifecycles.
The Joint Security Plan, developed by the Healthcare and Public Health Sector Coordinating Council, is a voluntary framework meant to improve industry-wide cybersecurity and information sharing.
“The goal of this effort was to align cybersecurity priorities and processes between medical device manufactures and healthcare providers to lower the cybersecurity risk in medical devices,” said Kevin McDonald, co-chair of the initiative and director of clinical information security at the Mayo Clinic. “By creating this alignment, we can strengthen the security of medical technology against cyber threats, improve cyber risk management within healthcare organizations, and better protect patient safety.”
According to HSCC, the JSP responds to a set of recommendations issued in June 2017 by the Health Care Industry Cybersecurity (HCIC) Task Force, which was established by the Department of Health and Human Services as directed by the Cyber Security Act of 2015.
Also See: HHS issues voluntary healthcare cybersecurity practices
While the JSP is not a standard, HSCC sees the “total product lifecycle reference guide” as a “unifying plan which medical technology companies can voluntarily commit to and healthcare providers can request from their vendors.”
Among other topics, the plan covers the following cyber areas:
Comments regarding the plan can be emailed to JSPFeedback@HealthSectorCouncil.org.
The Joint Security Plan, developed by the Healthcare and Public Health Sector Coordinating Council, is a voluntary framework meant to improve industry-wide cybersecurity and information sharing.
“The goal of this effort was to align cybersecurity priorities and processes between medical device manufactures and healthcare providers to lower the cybersecurity risk in medical devices,” said Kevin McDonald, co-chair of the initiative and director of clinical information security at the Mayo Clinic. “By creating this alignment, we can strengthen the security of medical technology against cyber threats, improve cyber risk management within healthcare organizations, and better protect patient safety.”According to HSCC, the JSP responds to a set of recommendations issued in June 2017 by the Health Care Industry Cybersecurity (HCIC) Task Force, which was established by the Department of Health and Human Services as directed by the Cyber Security Act of 2015.
Also See: HHS issues voluntary healthcare cybersecurity practices
While the JSP is not a standard, HSCC sees the “total product lifecycle reference guide” as a “unifying plan which medical technology companies can voluntarily commit to and healthcare providers can request from their vendors.”
Among other topics, the plan covers the following cyber areas:
- Cybersecurity practices in design and development of medical technology products
- Handling product complaints relating to cybersecurity incidents and vulnerabilities
- Managing security risk management throughout the lifecycle of medical technology
- Assessing the maturity of a product cybersecurity program
Comments regarding the plan can be emailed to JSPFeedback@HealthSectorCouncil.org.
More for you
Loading data for hdm_tax_topic #better-outcomes...