"MDIC Releases Medical Device Security Maturity Benchmarking Report"

The Medical Device Innovation Consortium (MDIC) released its first medical device security maturity benchmarking tool and report, based on survey responses from 17 Medical Device Manufacturers (MDMs), to address medical device security challenges and gain insight into the healthcare industry's current state. MDIC worked with Booz Allen Hamilton to develop 44 survey questions in four categories based on the Health Sector Coordinating Council's (HSCC) Joint Security Plan (JSP), a product lifecycle reference guide for developing, deploying, and supporting secure medical devices and health IT products and solutions. According to Greg Garcia, executive director for cybersecurity at HSCC, there was no mutual understanding about shared responsibility among device manufacturers, hospital systems, and healthcare providers. MDIC will publish the report on an annual basis, and MDMs can use the benchmarking tool to measure maturity in the future. While the findings only represent the maturity of 17 MDMs, the report highlights the security postures and maturity of MDMs, enabling critical benchmarking capabilities for the sector.

MDIC and Booz Allen Hamilton scored responses using the Capability Maturity Model Integration (CMMI) framework, a JSP-recommended framework for assessing product and service maturity. The CMMI scale runs from zero to five, with zero indicating "not initiated" and five indicating "optimized." Respondents were asked about organizational structure, risk management, design control, and complaint resolution.

The results varied greatly among the MDMs surveyed, but the report concluded that the industry as a whole has a low level of cybersecurity maturity, particularly in terms of design control. The design control category, which asked MDMs how they managed security throughout a device's lifecycle, had the lowest average score, at 1.42. The findings showed the importance of prioritizing vulnerability scanning and remediation, as well as establishing end-of-life dates for supporting third-party components. This article continues to discuss MDIC's first medical device security maturity benchmarking tool and report.

HealthITSecurity reports "MDIC Releases Medical Device Security Maturity Benchmarking Report"
