NH-ISAC and MDISS Partner to Form Medical Device Security Information Sharing Initiative

Kennedy Space Center, Fla., and New York, June 14, 2016 – NH-ISAC and MDISS, two leading organizations addressing the global public health challenge of medical device cybersecurity and cyber safety are launching an open collaboration, the Medical Device Information Sharing and Analysis Initiative as an extension of the Device Information Sharing Council that they co-chair under the umbrella of NH-ISAC.  The initiative’s governance and operational framework will be developed collaboratively by participating medical device manufacturers, healthcare providers and other stakeholders, dedicated to advancing the security and safety of medical devices, device associated care delivery networks and our nation’s health system.

The Medical Device Information Sharing and Analysis Initiative will provide coordinated information and analysis to support timely response activities by stakeholders.  Information sharing may include medical device risk assessments, host vulnerabilities and threat intelligence.

The council will leverage each organization’s unique strengths: NH-ISAC’s strong community and established, proven information sharing and analysis capabilities; and MDISS’s expertise in medical device cybersecurity, public health, regulatory science and health information technology best practices.

“We are very excited by this collaborative partnership,” said NH-ISAC president Denise Anderson. “This initiative is truly ground breaking because it brings together our combined expertise in medical device security and information sharing. With the nation’s leading healthcare providers and medical device companies as our members, we are uniquely able to understand the issue and advance strategies to address it.”

“With this partnership, we are bringing public health best practices and a collaboration framework for the evaluation, solutions development and intervention programs to address the challenge of medical device security. That is important because this is truly a public health issue – with potential impacts on patient safety and critical infrastructure,” said Dale Nordenberg, MD, executive director of MDISS.

The MDSISC initiative will meet the goals of the FDA Center for Devices and Radiological Health and NH-ISAC Memorandum of Understanding to assist in the creation of an environment that fosters stakeholder collaboration and communication, and encourages the sharing of information about cybersecurity threats and vulnerabilities to advance the safety, effectiveness, integrity, and security of the medical devices and the surrounding Health IT infrastructure.

The FDA considers voluntary participation in this group a critical component of a medical device manufacturer’s comprehensive proactive approach to management of post-market cybersecurity threats and vulnerabilities and a significant step towards assuring the ongoing safety and effectiveness of marketed medical devices. In FDA’s draft guidance, Postmarket Management of Cybersecurity in Medical Devices, FDA has stated its intent to not enforce certain reporting requirements of the Federal Food, Drug, and Cosmetic Act (FD&C Act) for companies that voluntarily participate in the program, and follow other recommendations in the guidance.

Companies that have committed to membership in this MDSISC initiative include: Abbott, AdvaMed, Baxter, Boston Scientific Corporation, GE Healthcare, Intuitive Surgical, Johnson & Johnson, Royal Philips and St. Jude Medical.

To join the Medical Device Security Information Sharing Council or for more information, contact NH-ISAC at [email protected]


ABOUT NH-ISAC – The National Health Information Sharing and Analysis Center (NH-ISAC), the official healthcare information sharing and analysis center, offers non-profit and for-profit healthcare stakeholders, such as: independent hospitals, IDN “providers”, health insurance “payers”, pharmaceutical/biotech manufacturers, laboratory, diagnostic, medical device manufacturers, medical school and medical R&D organizations, a community and forum for sharing cyber and physical threat indicators, best practices and mitigation strategies. NH-ISAC is a non-profit corporation funded and owned by its members. Membership is open to any healthcare stakeholder seeking protection of valuable PHI (personal health information) and compliance with Federal HIPAA regulations and standards, driving the assurance of patient health and life safety and fostering continuity of operations. Joining the NH-ISAC is one of the best ways health and public health services firms can do their part to protect the industry and its vital role in critical infrastructure. To learn more about the NH-ISAC or to become a member, please visit www.nhisac.org.

ABOUT MDISS – The Medical Device Innovation, Safety and Security Consortium (MDISS) founded in 2011, is a non-profit public health initiative and patient safety organization focused on medical device cybersecurity, along with practical technology, operations and policy solutions for improved safety of connected medical devices. MDISS was the first organization dedicated to these important medical device cyber health challenges and, in 2015, began to expand internationally. MDISS members bring deep expertise to inform an understanding of technical vulnerabilities; however, MDISS programs also support the development of epidemiologic methods, regulatory science and a public-private partnership model for public health interventions.