Developing Medical Device Cybersecurity Maturity Benchmarks

May 25, 2022

An effort to establish industry benchmarks for medical device cybersecurity maturity aims to help advance overall cybersecurity in the healthcare sector, says Rob Suárez, CISO of medical device maker Becton, Dickinson and Co., or BD.

The benchmark development effort is being championed by two health sector private-public coalitions – the Medical Device Innovation Consortium, or MDIC, and the Healthcare and Public Health Sector Coordinating Council, or HSCC – in partnership with consulting firm Booz Allen Hamilton, says Suárez, who is chair of the MDIC cybersecurity working group leading the project.

A critical part of the benchmark development work will involve analysis of findings from a self-assessment cybersecurity maturity survey that medical device vendors are invited to take online.

The survey includes 44 questions based on the HSCC’s Medical Device and Health IT Joint Security Plan’s maturity assessment framework. But an organization’s previous or current use of the Joint Security Plan is not a requirement for participation in the self-assessment survey, Suárez says. He also says that all identifiable information provided by respondents will be kept confidential. Responses from the online survey will be gathered until June 1.

In developing the benchmark, MDIC and Booz Allen Hamilton will analyze the self-assessment survey findings and examine the medical device industry’s adoption of certain security best practices – such as the use of various design controls, according to Suárez.

For instance, that might include evaluating the industry’s use of automation to analyze software and code, or static code analysis, Suárez says in an interview with Information Security Media Group.

“That’s a best practice that many companies can implement within their own R&D organizations so that they are producing more secure software and code. It also reduces the amount of time [spent by] software developers to go back and fix their code,” he says.

“The benchmarking will allow you to establish ‘How good are you doing with static code analysis or vulnerability scanning?’ and other best practices,” he says. “Based on the industry benchmark, you can establish goals for your own organization … to improve and seek parity with the industry benchmark … or exceed it.”

In the interview (see audio link below photo), Suárez also discusses:

Details about the medical device cybersecurity maturity self-assessment tool;
Common areas of medical device cybersecurity immaturity among organizations;
Ways to improve the state of medical device cybersecurity.

Suárez serves as CISO at BD, overseeing cybersecurity across the company’s enterprise, IT and manufacturing systems. He also chairs the cybersecurity steering committee for the Medical Device Innovation Consortium and the cybersecurity working group for the Advanced Medical Technology Association.
