The Health Information Sharing and Analysis Center (H-ISAC) has released a set of media education materials covering broad medical device security, including the coordinated vulnerability disclosure process for medical devices. The materials include:

  • A document providing general education on medical device security, including links to the FDA’s cybersecurity terms glossary and pre-and post-market guidance
  • An abbreviated version of the document outlined above
  • A document outlining the coordinated vulnerability disclosure process.

The materials were developed by a working group within the H-ISAC Medical Device Security Information Sharing Council (MDSISC). The MDSISC consists of 331 volunteers from 49 medical device manufacturers who collaborated with their hospital user group of 64 health delivery organizations working together to develop solutions, best practices, and exchange information that will result in a more efficient and secure use of medical devices and related practices. 

“Clear communication of medical device vulnerabilities is critical for the industry,” says Matt Russo, senior director of product security, Medtronic. “As key stakeholders, we hope this newly developed content will help media and other key partners better understand the landscape and navigate the complexities of device security.”

Health-ISAC President and CEO Denise Anderson also spoke out about the resource, commenting: “Medical device manufacturers are making a conscious effort to disclose vulnerabilities as they arise. Sometimes, news stories that result from these disclosures distort the impact of the actual vulnerabilities and cause panic or confusion. We hope these newly developed resources will help inform and educate the journalists who write about these disclosures to truly understand the nature of the vulnerabilities and report on them accordingly.”

View the documents here.