The Medical Imaging & Technology Alliance (MITA) announced the publication of a voluntary standard that supports security risk management within healthcare organizations by providing standardized information on security control features integrated within medical devices.
The standard, NEMA/MITA HN 1-2019, Manufacturer Disclosure Statement for Medical Device Security (MDS2), includes a form intended to provide healthcare delivery organizations with information and security control features within medical devices. It also clarifies the roles of manufacturers and healthcare delivery organizations in ensuring the security of medical devices.
“MITA recognizes that cybersecurity is a shared responsibility among all involved market participants, and it requires health delivery organizations especially to work collaboratively with manufacturers to ensure the use of best practices,” said Dennis Durmis, Senior Vice President Bayer Radiology, Americas Region, and Chair of MITA Board of Directors. “With this Standard, we aim to streamline communication and increase transparency of information between manufacturers and healthcare delivery organizations.”

“This Standard is an important step in the collaborative efforts between health delivery organizations and manufacturers to mitigate cybersecurity risk,” added Tim Walsh, Principal Information Security Analyst – CIS Operations, Mayo Clinic, and member of the MDS2 Canvass Group. “Transparent information and speed of getting that information from manufacturers to health delivery organizations are crucial, and this Standard helps foster both.”

The shared responsibility recognized by this Standard is aligned with the position of the U.S. Food and Drug Administration (FDA), which released a preparedness and response “ playbook ” last October to help healthcare delivery organizations address threats to medical device cybersecurity. Recognizing that manufacturers, hospitals, health care providers, cybersecurity researchers and government entities all have roles to play in addressing threats to medical device cybersecurity, the playbook serves as a resource to healthcare delivery organizations as they develop their individual emergency response plans.