Cybeats Partners with Health-ISAC, a Global Healthcare Cyber & Physical Security Organization, to Deliver Joint Commercial Solution, ‘Health-ISAC SBOM Studio’
Link to press release:
TORONTO, Nov. 27, 2023 /CNW/ – Cybeats Technologies Corp. (“Cybeats” or the “Company”) (CSE: CYBT) (OTCQB: CYBCF) is pleased to announce a partnership with the Health Information Sharing and Analysis Center (“Health-ISAC” or the “Partner”), a global organization focused on enhancing cyber and physical security in the healthcare industry.1 Cybeats and Health-ISAC will go to market with a joint Software Bill of Materials (“SBOM”) management solution targeting Medical Device Manufacturers (MDMs) and Healthcare Delivery Organizations (HDOs).
The Health-ISAC membership includes over 700 healthcare providers, pharmaceutical companies, and MDMs from around the globe, who are actively committed to defending against cyber threats in healthcare. The partnership will offer ‘H-ISAC SBOM Studio‘ to H-ISAC members and the broader healthcare community, who are facing increasing regulations on cybersecurity and the adoption of SBOM. This partnership creates a significant revenue opportunity for Cybeats in the medical device industry. SBOM Studio2 has already been commercially validated in this market, and is being used by four of the top 10 global MDMs.3
“Partnering with Health-ISAC is a game-changing leap forward for SBOM adoption and medical device security. We’re now better positioned to equip the organizations that will realize the greatest benefit from our solutions—those already responding to an evolving regulatory and cyber threat landscape. We’re excited to strengthen our ties with the healthcare sector and are enthusiastic about the commercial opportunity this represents,” said Justin Leger, CEO of Cybeats.
The joint solution between Health-ISAC and Cybeats allows MDMs to upload and share SBOMs and Vulnerability Exploitability eXchange (VEX)4 security artifacts. Health-ISAC members, including HDOs, will benefit by having one central repository to access vital SBOM and vulnerability information, making the process less complex to address threats as they arise. This is a direct response to FDA’s new regulations and guidance, improving risk mitigation efforts, enhancing visibility, and streamlining regulatory remits. Cybeats and Health-ISAC will be sharing more information about this initiative at the upcoming Health-ISAC Fall Americas Summit in San Antonio, TX, November 27th to December 1st.5
“By partnering with Cybeats, Health-ISAC can offer free access to the SBOM repository for all health delivery organizations around the world – members and non-members alike. Health-ISAC has always held a unique position when it comes to Medical Device Security by bringing both the manufacturers and the healthcare delivery organizations together to address joint security issues. The SBOM repository is another ground-breaking step in enhancing security and resilience in the health sector,” said Phil Englert, Vice President of Medical Device Security at Health-ISAC.
FDA & Medical Device Security
The U.S. Food and Drug Administration’s (“FDA”) solidified its role in regulating medical device cybersecurity with its authority to approve or reject premarket submissions based on compliance with section 524B of the Federal Food, Drug, and Cosmetic Act (“FD&C Act”).6 This section mandates that Medical Device Manufacturers (“MDM”) provide a SBOM for their devices’ commercial, open-source, and off-the-shelf software components. To proactively manage cybersecurity risks, MDMs must maintain an accurate inventory of device components, develop vulnerability management and risk assessment processes, provide device patches, and maintain device change records. FDA’s Refuse-to-Accept (“RTA”) authority as of March 29, 2023, emphasizes the significance of SBOM management solutions like SBOM Studio. On September 26, 2023, FDA released final (revised) premarket cybersecurity guidance, which supersedes premarket cybersecurity guidance issued on October 2, 2014. The recommendations in FDA guidance are intended to help manufacturers meet their obligations under section 524B of the FD&C Act.