When it comes to cybersecurity, the American Hospital Association believes device manufacturers should be held responsible.
In a recent letter to the FDA, as part of a request for comments on the FDA's "Collaborative Approaches for Medical Device and Healthcare Cybersecurity," which was published in the Federal Register on Sept. 23, the organization acknowledged risks, as well as who should be accountable for addressing them.
"Hospitals and health systems must consider the full spectrum of cyber threats, not just those involving medical devices. However, medical devices have been identified as key vulnerabilities and high-risk areas for the security of hospitals’ overall information systems. The HPH [Healthcare and Public Health] sector cannot successfully protect against cyber risk unless all parts of the sector actively manage risk. Therefore, medical device security must be seen as both an issue to address on its own and as a component part of the overall landscape."
These obligations, according to the letter, include "safeguarding confidentiality of patient data, maintaining data integrity and assuring the continued availability of the device itself."
Data is a big issue these days in healthcare; more specifically, the question is who is responsible not only for storing it, but also for keeping it safe.
In its letter, the American Hospital Association also argues that device makers should actively participate in existing information-sharing activities.
"These various public, private and joint forums allow participants to share the threats and vulnerabilities they observe, and learn how best to protect against emerging attacks. Given the interconnected nature of health care today, the AHA would discourage the formation of a separate, stand-alone information-sharing forum for the medical device community, although we recognize that separate activities within the medical device sector may be useful for technical conversations. Any cybersecurity discussions internal to the medical device community should be systematically brought to the larger, existing information sharing platforms."
The specific platforms it cited were the Healthcare and Public Health Sector Coordinating Council, the Healthcare and Public Health Information Sharing and Analysis Center, the Health Information Trust Alliance, InfraGard and the Industrial Control Systems Cyber Emergency Response Team.
Read the full letter by clicking here and then scrolling down to the Nov. 21 post titled "AHA to FDA Re: Collaborative Approaches for Medical Device and Healthcare Cybersecurity."