The Medical Device Innovation, Safety and Security Consortium is set to open a new security testing lab in the UK to address existing cyber security issues in medical devices at healthcare organisations.
The new security testing lab in the UK will run medical devices through tough and realistic test regimes to uncover their security vulnerabilities.
At the same time, the security testing lab (which is otherwise known as WHISTL: World Health Information Security Testing Lab) will also thoroughly vet critical care environments like operating theatres, Intensive Care Units and emergency rooms for vulnerabilities.
The Medical Device Innovation, Safety and Security Consortium (MDISS) already runs a WHISTL facility in the United States and is aiming to open one security testing lab each in the UK, Israel, Finland, and Singapore by the end of this year. Each such centre will be independently run by an MDISS-affiliated healthcare organisation, a medical device manufacturer, a university or a technology company.
“Medical devices are still on the frontier of cybersecurity, and security best practices for devices are still maturing. Our new WHISTL facility enables us to run medical devices through tougher, more realistic test regimes. Hidden vulnerabilities surface more quickly, and that helps us build more responsive standard operating procedures,” said Benjamin Esslinger, CBET manager/clinical engineer at Eskenazi Health.
Even security vulnerability discovered by research teams at MDISS' security testing labs is reported to the concerned medical device managers as well as to the NHISAC-MDISS Medical Device Vulnerability Program for Evaluation and Response.
Along with testing medical devices, these centres also share best practices and solutions to ensure all vulnerabilities are plugged wherever certain devices are in use.
“WHISTL will provide much-needed insight from actual developers and users of medical devices, which will result in increased relevant and actionable information sharing and situational awareness for all stakeholders in healthcare”, said Denise Anderson, president of NH-ISAC, which is a non-profit organisation responsible for the healthcare sector's cyber security in the United States.
Thanks to a $1.8M contract from the U.S. Department of Homeland Security (DHS), MDISS has been able to build a platform named MDRAP (medical device risk assessment platform) which helps healthcare organisations, manufacturers, and technology companies share device risk assessments. Undoubtedly, this platform will go a long way in helping our healthcare industry uncover security vulnerabilities if the NCSC grants MDISS a similar contract.
“MDISS WHISTL facilities will dramatically improve access to device security know-how while protecting patient privacy and stakeholder intellectual property. Solid cyber-lab governance will support an international-scale network of research and training centers of excellence, designed especially for medical device designers, hospital IT, and clinical engineering professionals,” said Dr. Nordenberg, MD, Executive Director of MDISS.
Source: Med-Tech Innovation