On Dec 29, President Biden signed into law a $1.7 trillion omnibus spending bill that has significant implications for healthcare as well as for how security for medical devices are regulated and enforced. Manufacturers must now include evidence of security controls and security testing, as well as plans to maintain device’s security posture through updates and patches, all supported by documented evidence, e.g., a software bill of materials for commercial, open-source, and off-the-shelf software components.
See what people are saying about our advancements towards a more secure future of healthcare.
Cybersecurity used to be seen as a compliance initiative in healthcare but has become a patient safety and business imperative in recent years. For MDMs, tying market delays and metrics to a lack of security will inspire faster action. For HDOs, assessing strategies for incoming devices can start to shift the tide in how risks expand.
Healthcare is a cyber criminal’s dream. It presents the intersection of a data treasure trove, weak security posture, limited resources, complicated supply chain, and patient care delivery. Originally published at https://hitconsultant.net on February 24, 2022.
As with all new technology with great promise, connectivity in medical devices comes with new risks. The medical device industry needs more sound, rigorous, and scalable methods to generate and use evidence of cybersecurity risk. Read more about the new approaches device manufacturers should consider.