FDA PARTNERS WITH SENSATO-ISAO AND H-ISAC TO CREATE OPEN SOURCE CYBERSECURITY INTELLIGENCE NETWORK AND RESOURCE
Partnership evolved from Sensato Medical Device Cybersecurity Task Force
NEW JERSEY (October 9, 2018) – The United States Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) has officially executed a tri-lateral agreement between the FDA, the Health Information Sharing and Analysis Center (H-ISAC) and the Sensato-Information Sharing and Analysis Organization (Sensato-ISAO), Sensato announced today.
The goal of the agreement is “to ensure that essential medical device or healthcare cybersecurity vulnerability information can be shared with all stakeholders within the HPH Sector, including those who are not members of H-ISAC and Sensato-ISAO,” according to a statement from the FDA. “This collaboration will help inform a common understanding of that risk threshold upon which exploit of a vulnerability might impact on patient safety and/or public health.”
Through the agreement, the FDA, H-ISAC, and Sensato-ISAO will create a mechanism for information about cybersecurity vulnerabilities and threats to be shared, along with critical best practices and other intelligence and guidance related to medical device cybersecurity.
MEDICAL DEVICE CYBERSECURITY: STATISTICS
• There is an average of 6.2 vulnerabilities per medical device and the FDA has issued recalls for pacemakers and insulin pumps with known security issues
• Medical devices were specifically targeted by cyber attackers as recently as April 2018
• About 60 percent of medical devices are at end-of-life stage, with no security patches or upgrades available • The average organizational cost of a data breach for companies in the U.S. is $7.35 million
• The longer it takes to detect a breach, the more it costs – about $4 million more on average
• Cyber thieves target patient data because they can get top dollar for it — $500 for a Medicare number, for example
SENSATO MEDICAL DEVICE CYBERSECURITY TASK FORCE, EVOLVED
The partnership is an evolution of the Medical Device Cybersecurity Task Force (MDCTF) Sensato started in 2016, with a goal to move quickly and minimize bureaucracy to better address medical device cybersecurity. The MDCTF developed a vendor assessment framework, a cybersecurity medical device policy, and other best practices and approaches, growing from 20 organizational members to 83 in the manufacturing, government, healthcare, consultancy, and other sectors with a vested interest in safeguarding patient lives. The FDA learned of
MDCTF’s progress and assigned MITRE (the nonprofit that manages federally funded research and development centers supporting several U.S. government agencies) to the task force as its representative.
“We are so honored that MITRE approached us to consider evolving the MDCTF to an ISAO and formally partnering with the FDA and H-ISAC,” says Sensato CEO John Gomez. “More than ever before, medical devices are being targeted and we need to be nimble and proactive in how we protect them and the patients they serve.”
This partnership to advance education and critical intelligence in the healthcare industry aligns with Sensato’s mission of proactive, comprehensive cybersecurity protection for healthcare and other critical infrastructure enterprises. Sensato’s signature cybersecurity solution, Nightingale, provides a next-generation layer of protection for enterprises by delivering an advanced system of intrusion detection, forensic analysis, and countermeasures.
Sensato is top-500 cybersecurity innovator located in Red Bank, New Jersey. Founded in 2013, Sensato provides risk assessment, penetration testing, security operations, executive guidance, and software. CEO and founder John Gomez is an internationally-known cybersecurity expert, author, and speaker. Sensato’s programs, systems, services, training, and intelligence gathering are the product of designing the highest level of security for those who provide critical services that impact human health and safety: healthcare, medical, pharmacological, and related organizations; law enforcement, fire, and emergency services; clean water, power, and heat providers. Visit http://www.sensato.co.