Medical Device Cybersecurity - Regional Incident Preparedness and Response Playbook by MITRE for US FDA #hcsmeufr #esante
Cybersecurity attacks on Healthcare and Public Health (HPH) critical infrastructure, such as healthcare delivery organizations (HDOs), are occurring with greater frequency. Disruptions in clinical care operations can put patients at risk.
Securing critical infrastucture is a shared responsibility across many stakeholders, and with respect to medical
devices the primary stakeholders are FDA, Medical Device Manufacturers (MDMs), and HDOs.
A common preparedness and response challenge FDA heard from its stakeholders in the aftermath of the aforementioned attacks is that
- HDOs did not know with whom to communicate (e.g. MDM-HDO interactions);
- what actions they might consider taking;
- and what resources were available to aid in their response.
Without timely, accurate information and incorporation of medical device cybersecurity into their organizational emergency response plans, it was difficult for HDOs to assess and mitigate the impact of these attacks on their medical devices.
To address this unmet need, the MITRE team (with the support of FDA), engaged with a broad distribution of stakeholder groups to understand the gaps, challenges, and resources for HDOs participating in medical device cybersecurity preparedness and response activities.
Their efforts resulted in the creation of this playbook that may serve as a resource for HDOs.
The playbook provides a stakeholder-derived, open source, and customizable framework that HDOs may choose to leverage as a part of their emergency response plans in order to ultimately limit disruptions in continuity of clinical care as well as the potential for direct patient harm stemming from medical device cyber security incidents.
The link to the PDF of the first version of the playbook -> https://www.mitre.org/sites/default/files/publications/pr-18-1550-Medical-Device-Cybersecurity-Playbook.pdf
