July 26, 2023
Following the release of the National Cybersecurity Strategy (NCS) in March of this year, the Biden-Harris Administration followed up with a National Cybersecurity Strategy Implementation Plan (NCSIP) in July. Both documents express the urgency to improve US government and critical infrastructure cybersecurity posture and recognize the growing cyber threats to our citizen, economy, and sensitive information. This critical infrastructure includes healthcare and by extension medical devices.
The aim of the National Cybersecurity Strategy is to strengthen the collaboration among stakeholders to defend critical infrastructure, disrupt and dismantle threat actors, help shape market forces to drive security and resilience, invest in a more cyber-secure future, and forge international alliances in support of these goals.
One clear message that strategy and implementation plan deliver is the need to shift cybersecurity responsibility from the end user (such as the owners or operators) to the biggest, most capable, and best-positioned entities — meaning producers of software and devices will need to assume a greater share of the burden for reducing cyber risk. It also includes incentives to favor long-term investments into cybersecurity.
Those in the medical device industry will recognize parallels with other government initiatives, including H.R.2617 — Consolidated Appropriations Act (Omnibus Bill, Dec. 2022, being the first federal laws requiring medical device security), giving FDA explicit authority on cybersecurity, as demonstrated through the “Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices” (under Section 524B of the FD&C Act).
The Cybersecurity Implementation Plan details more than 65 high-impact Federal initiatives, from protecting American jobs by combating cybercrimes to building a skilled cyber workforce equipped to excel in our increasingly digital economy.
A total of 18 agencies will be leading these initiatives and whole-of-government approach, demonstrating the deep commitment to a more resilient, equitable, and defensible cyberspace.
The cybersecurity industry is no longer future gazing at what the impact on medical devices will be. Instead the reality we are living everyday shows establishing a proactive cybersecurity program is an imperative for businesses to thrive. This is a hard problem to address and requires collaboration across multiple-functions that sometimes have conflicting motivators (see our white paper here which outlines some of these).
The message delivered across government initiatives, from White House to FDA, is clear — medical devices need to be “secure by design” and “secure by default”, thus relieving the burden from hospitals to secure these devices on their networks.
MedCrypt provides medical device cybersecurity products and services that meet regulatory guidance requirements. Schedule a meeting with us at info@medcrypt.com and learn more about our solutions.
December 13, 2024
December 4, 2024
Get the latest healthcare cybersecurity news right in your inbox.
We'll never spam you or sell your information