Medical Device Cybersecurity Emphasis for New AEHIS/ MDISS Partnership

A new working relationship d between CHIME’s Association for Executives in Healthcare Information Security (AEHIS) and the Foundation for Innovation, Translation and Safety Science’s Medical Device Innovation, Safety and Security Consortium (MDISS) will focus on helping advance medical device cybersecurity and improve patient data security.

The two groups will cooperate to aid members identify, mitigate, and prevent cybersecurity threats by issuing cybersecurity best practices, teaching about the threats to device security, training members, and promoting data sharing.

For the past three years, AEHIS has been assisting healthcare groups improve their information security defences. More than 700 CISOs and other healthcare IT security leaders have availed of the education and networking potential provided by AEHIS. AEHIS helps its members protect patients from cyber threats, including cyberattacks on their medical devices, through its educational efforts, sharing best practices and many other activities.

MDISS now includes more than 2,000 hospitals and dozens of medical device manufacturers who are cooperating to enhance medical device cybersecurity. MDISS has assisted to help make medical device risk assessments cheaper, faster, and more accessible, while bringing together regulatory bodies, patient advocates, insurers, security researchers, medical device producers, and healthcare providers to advance best practices in medical device cybersecurity and risk management.

It is hoped that the collective voice of AEHIS and MDISS will help to proress information security measures and ensure patients – and health data – are better protected.

“The scale and reach of AEHIS’ education network is a perfect complement to MDISS’ continuous release of envelope-pushing technologies and best practices,” stated Dale Nordenberg, executive director of MDISS. “AEHIS will play a key role in accelerating the adoption of next-generation medical device security assessment platforms like MDRAP.”

Key Aims of the New Relationship

  • Teaching healthcare groups about medical device cybersecurity methods
  • Formulating and sharing medical device cybersecurity best practices
  • Promoting the implementation of the NIST’s cybersecurity framework
  • Finding new best practices for securing medical devices and mitigating weaknesses
  • Increasing awareness of medical device weaknesses among federal policymakers
  • Identifying best practices to engage members in advocacy for cyber safety of medical devices
  • Reviewing the issues that are stopping the sharing of cybersecurity and medical device weakness information and helping to support information sharing through existing or modified information sharing attempts.

Author: Maria Perez