FDA Playbook on Medical Device Cybersecurity
Nathan E Botts
/ Categories: Sources, Security

FDA Playbook on Medical Device Cybersecurity

Regional Incident Preparedness and Response Playbook

 

From the MITRE website:

The Medical Device Cybersecurity Regional Incident Preparedness and Response Playbookoutlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.

The healthcare sector knows how to prepare for and respond to natural disasters. It is less prepared, however, to handle cybersecurity incidents, particularly those involving medical devices. Recent global cyber attacks highlighted the need for more robust cybersecurity preparedness to execute an enhanced, effective, real-time response that enables continuity of clinical operations.

Using mobile devices to store, process, and transmit patient information has become increasingly popular amongst healthcare providers. When health information is compromised, organizations can face penalties and lose consumer trust, and patient care and safety may be at risk.

To address this challenge, cybersecurity experts at the NCCoE collaborated with the healthcare industry and technology vendors to develop an example solution to show healthcare providers how they can secure electronic health records on mobile devices. The solution is guided by standards and best practices from NIST and others, including the Health Insurance Portability and Accountability Act (HIPAA) rules.

The playbook supplements existing HDO emergency management and/or incident response capabilities with regional preparedness and response recommendations for medical device cybersecurity incidents. The playbook outlines how hospitals and other HDOs can develop a cybersecurity preparedness and response framework, which starts with conducting device inventory and developing a baseline of medical device cybersecurity information.

Please send comments or suggestions about the Playbook to [email protected]

Previous Article Securing Electronic Health Records on Mobile Devices
Print
5165 Rate this article:
No rating
0Upvote 0Downvote
Please login or register to post comments.
All information, thought, and references provided on Health eConsultation is intended for informational and educational purposes only. Health eConsutlation currently makes no attempt at HIPAA privacy compliance. Any trade names used are information and details given for the convenience of users and do not constitute an endorsement from Health eConsultation.
Use this site at your own risk, and do not use the information to make medical or legal decisions without first seeking guidance from a medical or legal professional.
Plain and simple, ads are used to help pay for the cost of the server and resources required to serve Health eConsultation members and provide an objective resource of health information and health education. Subscribers of Health eConsultation can access the site without having to view ads.
OUR SERVICES
We are passionate about the therapeutic benefits that can be derived from appropriately applied health education .
More informed patients are healthier and less costly to provide care to.
We seek to give consumers and patients a voice, because in the end we are them.
Evidence based practices is what nurtures a thriving health system.

HEALTH IT EDUCATION - KNOWLEDGE IS POWER

 
WHO WE ARE
Health eConsultation members believe that health improvement is about patient knowledge, motivation and opportunity to act in concert with healthcare professionals to improve their condition.
OUR PURPOSE
Our primary purpose is to build a community around unbiased Health IT education so that people are able to focus on the information they need without having to navigate the vast amount of information that is available on the web.
LEVERAGE VS BUILD
Health eConsultation seeks to leverage responsible, engaging and, hopefully, motivating education, and information resources. The idea is not to scrape the content of other sites, but to investigate, synthesize, and report in order to create an evidence-base founded on increased rigor and research.
RESOURCES & REFERENCES
Health eConsultation educational material and website information are provided primarily through free resources, although some sites mentioned might require further registration and payment for particular membership or services.
DISCLAIMER
All information, thought, and references provided on Health eConsultation is intended for informational and educational purposes only. Health eConsutlation currently makes no attempt at HIPAA privacy compliance. Use this site at your own risk, and do not use the information to make medical decisions without first seeking guidance from a medical professonal.
CUSTOMIZED LEARNING
By registering with Health eConsultation you can participate in comments, ratings, and bookmarking. You can also keep track of the time that you spend learning about certain topics for your own records or to share whith health professionals you are working with.