MedISAO, a provider of cybersecurity information, education and tools for the medical device industry, has signed a memorandum of understanding (MOU) with the US Food and Drug Administration’s (FDA) Center for Devices and Radiological Health (CDRH) and the National Health Information Sharing & Analysis Center (NH-ISAC).
A division of Promenade Software, MedISAO is an organization with members from the medical device community. It is dedicated to improving the security of medical devices through education, awareness and advocacy.
The three parties have a shared interest in encouraging the detection, mitigation, and prevention of cybersecurity threats to medical devices.
In conjunction with the FDA and NH-ISAC, MedISAO is working to develop a community that encourages and supports sharing of information on the vulnerabilities faced by medical devices.
If exploited, the vulnerabilities could compromise a medical device’s efficacy and potentially endanger healthcare IT infrastructure and patient safety.
The FDA is of the view that participation in an ISAO is a critical component for a manufacturer to manage the threats.
The US regulator said it is working hard to be prepared and responsive when medical device cyber vulnerabilities are identified.
MedISAO director Daniel Beard said: “The FDA has made it very clear that cybersecurity is a major concern. Manufacturers are not only expected to make cybersecurity part of their design and development, but they are also expected to monitor for vulnerabilities post-market.
“MedISAO can help by providing a community dedicated to keeping medical devices secure. We are happy to work together with the FDA towards that goal.”
MedISAO stated that medical device manufacturers that join as members can gain access to a coordinated vulnerability disclosure program and an automatic reporting form.
Membership can help manufacturers avoid costly correction reporting when vulnerabilities are discovered and can provide access to training materials and security tools.
This procedure can help reduce patient harm while increasing privacy and security for everyone.
The organization is a registered ISAO providing compliance with the FDA’s recommendation in the Postmarket Management of Cybersecurity in Medical Devices.
In June 2017, MedISAO launched a coordinated vulnerability disclosure (CVD) program that allows users to get started, or augment their already established process.