"HSCA Releases Cybersecurity Guidelines for Medical Device Manufacturers"

The Healthcare Supply Chain Association (HSCA) recently released guidelines for medical device manufacturers and healthcare providers on cybersecurity and patient privacy practices. HSCA's new guidance covers cybersecurity training, software, equipment acquisition standards, risk coverage, data encryption, information sharing, and more. The guidelines also provide tips on how healthcare organizations and medical device manufacturers can identify red flags before doing business with a third-party vendor or organization. In addition, HSCA calls on third-party vendors to follow strict cybersecurity standards to protect the privacy of patient data. Todd Ebert, HSCA president and CEO, pointed out that the widespread adoption of telemedicine and shift to virtual operations during the COVID-19 pandemic has shown how vital information technology, software, and medical devices are in improving patient care. However, recent cyberattacks have proven that medical devices and services are vulnerable to cybersecurity threats that could put patient health, safety, and privacy at risk. HSCA recommends that healthcare organizations and suppliers participate in one or more Information Sharing and Analysis Organizations (ISAOs), such as the Health Information Sharing and Analysis Center (H-ISAC). The trade association advises against working with manufacturers that do not actively participate in an ISAO. Healthcare organizations are encouraged to designate an information technology officer or a network security officer and provide role-appropriate cybersecurity training to employees. HSCA also suggests that healthcare organizations and suppliers implement firewalls, network segmentation, and strict access control. This article continues to discuss the cybersecurity guidelines released by HSCA for medical device manufacturers and healthcare providers. 

HealthITSecurity reports "HSCA Releases Cybersecurity Guidelines for Medical Device Manufacturers"