by John R. Fischer
, Senior Reporter | October 12, 2018
The FDA has issued a new “playbook” in conjunction with the MITRE Corporation to assist health delivery organizations (HDOs) in combating and preventing cybersecurity attacks.
Dubbed the Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook
, the guidelines offer a holistic, systematic approach for establishing a medical device cybersecurity program with leadership and resources that build on the wider awareness and understanding already achieved by healthcare providers in addressing cybersecurity threats.
"Both healthcare facilities and medical device manufacturers recognize cybersecurity as a key business consideration and a fundamental patient safety issue," Sean Loughlin, AAMI vice president of communications and marketing, told HCB News. "We have also seen a large increase in healthcare technology management professionals working collaboratively with information technology departments to institute safeguards at their local institutions. Preparedness is moving in the right direction, but its success really hinges on leadership, expertise, and resources at any given organization."
Despite the rise in awareness about cyberattacks, many organizations lack appropriate cybersecurity leadership
, as evidenced in a 2017 survey by Black Book Research which found that 84 percent of healthcare providers lacked appropriate leadership for such instances, and that only 11 percent planned to hire a cybersecurity officer in the new year.
The playbook illustrates the responsibilities of different healthcare players, from manufacturers and hospitals to government entities and cybersecurity researchers, in initiating enhanced and effective, real-time responses to attacks while maintaining clinical operations.
The aim of this shared responsibility is to supplement existing HDO emergency management and incident response capabilities with regional preparedness and response recommendations for medical device cybersecurity incidents.
Derived from conversations with several HDOs, regional healthcare groups, researchers, state health departments and medical device manufacturers, the information included in the playbook is meant to assist HDOs in planning and practicing to manage incidents effectively when they occur, and to establish a cybersecurity preparedness and response framework, which begins with conducting device inventory and developing a baseline of medical device cybersecurity information.