AEHIS, MDISS to Collaborate on New Medical Device Cybersecurity Projects

ANN ARBOR, MI, Oct. 5, 2017 – The Association for Executives in Healthcare Information Security (AEHIS) and the Medical Device Innovation, Safety and Security Consortium (MDISS) announced today that they will work collaboratively on activities designed to help their members identify, mitigate and prevent cybersecurity threats to medical devices. Their joint activities will focus on four areas of collaboration: education, best practices, advocacy and information sharing. 

Launched in 2014, AEHIS is a membership organization that provides education and networking opportunities to nearly 700 chief information security officers (CISOs) and other senior healthcare IT security leaders employed by healthcare providers or payers. As part of its mission to advance the field, AEHIS addresses a range of technologies, systems, applications and processes related to healthcare information security. A priority for AEHIS and members is protecting patients from cyber threats, including attacks on medical devices, through education, sharing of best practices, public policy, advocacy and other activities.  

MDISS, is a 501(c)3 grass-roots organization made up of more than 2,000 hospitals and dozens of device manufacturers with a common goal: to make high quality medical device risk assessments faster, cheaper, more useful, more accessible and more shareable for everyone.  MDISS brings device manufacturers and healthcare providers together with regulatory bodies, patient advocates, insurers and security researchers to improvepublic health and enhance patient safety by advancing best practices in medical device risk management and cybersecurity. 

“AEHIS has quickly become a super collection of healthcare senior information security leaders working together with a collective voice on important issues,” said Sean Murphy, chair of the AEHIS collaborative relationships committee and vice president and CISO at Premera Blue Cross. “To that point, MDISS has also been a strong consortium of people working together on healthcare information security, specifically with respect to medical devices. Together, AEHIS and MDISS joining forces to advocate and advance better medical device security will benefit AEHIS members and MDISS stakeholders alike. Our collective voice will be powerful in improving healthcare information security practices and making patients safer.” 

“We’re delighted to be partnering with AEHIS,” said Dale Nordenberg, executive director of MDISS.  “The scale and reach of AEHIS’ education network is a perfect complement to MDISS’ continuous release of envelope-pushing technologies and best practices.  AEHIS will play a key role in accelerating the adoption of next-generation medical device security assessment platforms like MDRAP.” 

AEHIS and MDISS will work together: 

  • To provide education on medical device cybersecurity strategies, including a possible course for members and others; 
  • Develop and share best practices for medical device cybersecurity protection that can be tested and improved, and develop a shared understanding of cybersecurity vulnerabilities; 
  • Foster use of the National Institute of Standards and Technology’s cybersecurity framework;     
  • Identify best practices for detecting and mitigating cybersecurity vulnerabilities with medical devices; 
  • Educate and increase awareness of medical device cybersecurity issues among federal policymakers; 
  • Determine best practices to engage members in advocacy for cyber protection of medical devices; and  
  • Examine the barriers and burdens of sharing cybersecurity and medical device vulnerability information and the opportunities to support information sharing through existing or modified information sharing efforts. 

AEHIS is an organization within the College of Healthcare Information Management Executives. MDISS is an initiative of the not-for-profit Foundation for Innovation, Translation and Safety Science.  

About CHIME 

The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers (CIOs) and other senior healthcare IT leaders. With more than 2,400 CIO members and over 150 healthcare IT vendors and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and healthcare in the communities they serve. For more information, please visit 

The Association for Executives in Healthcare Information Security (AEHIS) was launched in 2014 in order to provide an education and networking platform to healthcare’s senior IT security leaders. With nearly 700 members, AEHIS is advancing the role of the CISO through education, collaboration and advocacy in support of secure health information for the protection of both healthcare organizations and consumers. For more Information, please visit  

About MDISS – The Medical Device Innovation, Safety and Security Consortium (MDISS), founded in 2010, is a 501(c)(3) non-profit public/private partnership dedicated to advancing patient safety and public health, and the first to focus exclusively on medical device cybersecurity. MDISS develops and delivers practical technology, operations and policy solutions for member organizations, including hospitals, health delivery organizations, doctors, epidemiologists, clinical engineers, medical device manufacturers, academics, regulators, embedded security experts and cybersecurity researchers. Visit

Candace Stuart
Director of Communications and Public Relations, CHIME
[email protected] 

Dale Nordenberg
Executive Director, MDISS
[email protected]