MITA publishes new standard for medical device security

por John R. Fischer, Senior Reporter | October 15, 2019
Cyber Security Health IT
MITA has released a new standard that calls for
manufacturers to share with healthcare delivery
organizations standardized information on
security control features within
medical devices
The Medical Imaging & Technology Alliance (MITA) has released a new standard geared toward supporting security risk management within healthcare delivery organizations.

Named NEMA/MITA HN 1-2019, Manufacturer Disclosure Statement for Medical Device Security (MDS2), the voluntary standard calls for manufacturers to be more transparent with healthcare delivery organizations by offering standardized information on security control features integrated within medical devices.

“Cybersecurity is about managing risk, and risk management is most effective when information is available. The information shared by manufacturers in the MDS2 is intended to help healthcare delivery organizations assess risks and make informed decisions about how to deploy devices in their environment,” Zack Hornberger, director of cybersecurity and informatics at MITA, told HCB News. “All the information shared by manufacturers in the MDS2 can help a healthcare delivery organization better protect their environment.”
DOTmed text ad

Reveal Mobi Pro now available for sale in the US

Reveal Mobi Pro integrates the Reveal 35C detector with SpectralDR technology into a modern mobile X-ray solution. Mobi Pro allows for simultaneous acquisition of conventional & dual-energy images with a single exposure. Contact us for a demo at no cost.

Cybersecurity was ranked as number one in ECRI Institute’s list of Top 10 Health Technology Hazards for 2019 report last year, marking its second year as the top hazard. In addition, a recent survey conducted by LexisNexis Risk Solutions and Information Security Media Group demonstrates that HCOs have high levels of confidence in their cybersecurity preparedness despite most surveyed organizations using only basic user authentication methods against an increasing number of patient identity theft and fraud instances in the marketplace.

MDS2 was developed by MITA and a diverse group of interested parties. It includes a form to provide healthcare delivery organizations with crucial information and security control features within their devices, and defines the roles of manufacturers and healthcare delivery organizations.

It also refers to medical device security as a shared responsibility. It is this view on shared responsibility that aligns the standard with the position of the FDA, which released in October 2018 a "playbook" for instructing providers how to form individual emergency response plans to address threats to medical device cybersecurity. In it, the FDA states that manufacturers, hospitals, health care providers, cybersecurity researchers, and government entities are all responsible for ensuring the protection of their devices.

"Both healthcare facilities and medical device manufacturers recognize cybersecurity as a key business consideration and a fundamental patient safety issue," Sean Loughlin, AAMI vice president of communications and marketing, told HCB News at the time. "We have also seen a large increase in healthcare technology management professionals working collaboratively with information technology departments to institute safeguards at their local institutions. Preparedness is moving in the right direction, but its success really hinges on leadership, expertise, and resources at any given organization."

MITA plans to work with its partners to properly implement MDS2 over the next several months.

You Must Be Logged In To Post A Comment