NORTHBROOK, Ill., Oct. 16, 2019 /PRNewswire/ -- The U.S. Department of Veteran Affairs (VA) and UL, a global safety science organization, today announced the completion of a two-year Cooperative Research and Development Agreement (CRADA) Program for medical device cybersecurity. As medical devices are susceptible to cybersecurity attacks, creating both patient safety risks and disclosure risks for protected health information, the VA and UL sought to address an existing gap in the marketplace for cybersecurity standards and practical certification approaches for connected medical devices.
With the Internet of Medical Things (IoMT) revolutionizing patient care, increasing efficiency and improving healthcare quality, the VA aimed to find solutions for securing large-scale IoMT device deployments supporting mission-critical care delivery for roughly nine million patients under its care. Historically, patching and reconfiguring devices to extend service lifetimes has resulted in devices with outdated, vulnerable software, presenting cybersecurity challenges, and in turn, greater patient risk. Between 2016 and 2018, VA and UL used the UL 2900 Series of Standards as a benchmark to identify critical cybersecurity vulnerabilities in connected medical device deployment and lifecycle management as well as create baseline cybersecurity requirements for medical device manufacturers.
"The VA and UL teams drove the exchange of information between public and private sector knowledge and approaches to patient safety and security," said Anura Fernando, chief innovation architect, Life and Health Sciences, UL. "This collaboration helped us uncover new insights and further accelerate the sharing of medical device cybersecurity information, standards and lifecycle requirements with the intention of benefitting not only the VA hospital system but also the larger U.S. healthcare system of providers and manufacturers."
Midmark Workstations are made to order with customization that can assist with the integration of telehealth and other technology at the point of care, wherever that may be. See more>>>
As part of the CRADA project, a task group of VA, UL and public sector and private collaborators convened to address healthcare technology challenges by identifying security gaps between in-home and in-facility care, ensuring product functionality for FIPS 140-2 compliance and accelerating the adoption of leading-edge equipment. The team also conducted a simulated "hacking" demonstration at a Veterans Health Administration (VHA) site in Tampa, Fla., using ICU Medical's Plum 360 Infusion Pump, a UL 2900 certified medical device.