H-ISAC (Health Information Sharing and Analysis Center) today released a set of media education materials covering broad medical device security, including the coordinated vulnerability disclosure process for medical devices. The materials include:
- A document providing general education on medical device security, including links to the FDA’s cybersecurity terms glossary and pre-and post-market guidance;
- An abbreviated version of the document outlined above; and
- A document outlining the coordinated vulnerability disclosure process.
The materials were developed by a working group within the H-ISAC Medical Device Security Information Sharing Council (MDSISC). The MDSISC consists of 331 volunteers from 49 medical device manufacturers who collaborated with their hospital user group of 64 health delivery organizations working together to develop solutions, best practices, and exchange information that will result in a more efficient and secure use of medical devices and related practices. The materials are intended to be high level and a quick read. The documents are available on the H-ISAC website here https://h-isac.org/cvd-media-kit/ and the industry can point journalists and other stakeholders to these materials with the goal of driving accurate and balanced reporting of medical device vulnerability disclosures.
“Clear communication of medical device vulnerabilities is critical for the industry,” said Matt Russo, Senior Director of Product Security, Medtronic. “As key stakeholders, we hope this newly-developed content will help media and other key partners better understand the landscape and navigate the complexities of device security.”
“Medical device manufacturers are making a conscious effort to disclose vulnerabilities as they arise. Sometimes, news stories that result from these disclosures distort the impact of the actual vulnerabilities and cause panic or confusion. We hope these newly-developed resources will help inform and educate the journalists who write about these disclosures to truly understand the nature of the vulnerabilities and report on them accordingly,” said Denise Anderson, President & CEO, Health-ISAC.
About H-ISAC (Health Information Sharing and Analysis Center)
Health-ISAC is a trusted community of critical infrastructure owners and operators within the global Health sector. Members share timely, actionable, relevant information including intelligence on threats, best practices and mitigation strategies. Working together, the health sector becomes more resilient worldwide. Visit the website at www.h-isac.org to learn more.