Health-ISAC mention in Med Device Online: It is strongly recommended that medical device manufacturers join the Health Information Sharing and Analysis Center4 (Health-ISAC) to obtain complimentary information from additional threat intelligence sources. Since threats are constantly evolving, it is important to leverage threat intelligence sources to gain knowledge on the latest threats, learn how attackers may target your devices, and implement the appropriate actions.
By John Giantsidis, president, CyberActa, Inc.
Healthcare is increasingly dependent on digital services and connected medical devices, leading to an increase in cyberattacks, primarily due to the value of data that can be obtained. Regulations play a key role in defining cybersecurity requirements and adopting cybersecurity and data protection related measures. The FDA has been involved in medical device cybersecurity since the 2000s and is moving forward with its overhaul of its medical device cybersecurity expectations. In an earlier article, I provided a detailed evaluation of FDA’s latest guidance, highlighting all the areas and actions that a medical device manufacturer will need to address.1 In this article series, I will detail and expand upon on how to best “teach” your QMS cybersecurity. In Part 1, I will discuss the fundamental activity of threat modeling. Part 2 will cover how to best implement security by design in your organization. I will examine the integration of security risk management into the medical device risk management program in Part 3. Lastly, in Part 4, I will go through the steps to plan, execute, report, and act upon penetration testing and vulnerability scanning, how to interpret the results, and how to prioritize your efforts.
Please go to Med Device online to read this article: