The FDA’s Center for Devices and Radiological Health (CDRH), the NH-ISAC, and the MDISS are collaborating on their shared interests to encourage the identification, mitigation, and prevention of cybersecurity threats to medical devices. This collaboration is designed to foster stakeholder communications and information sharing and enable stakeholders to take proactive and timely measures to mitigate the risks. The following provides a brief description of the three organizations and their missions and functions.
U.S. Food and Drug Administration
FDA is authorized to enforce the Federal Food, Drug, and Cosmetic Act (“the Act”) as amended (21 U.S.C. 301). In fulfilling its responsibilities under the Act, FDA among other things, directs its activities toward promoting and protecting the public health by ensuring the safety, efficacy, and security of drugs, biological products, veterinary products, medical devices and radiological products and the safety and security of foods and cosmetics. CDRH is responsible for assuring that patients and providers have timely and continued access to safe, effective, and high-quality medical devices and safe radiation-emitting products. To accomplish its mission, FDA takes efforts to stay abreast of the latest technological advances and developments in research by communicating with stakeholders about complex scientific and public health issues.
National Health Information Sharing and Analysis Center
The NH-ISAC, the official healthcare information sharing and analysis center, offers non-profit and for-profit healthcare stakeholders, such as: independent hospitals, IDN “providers”, health insurance “payers”, pharmaceutical/biotech manufacturers, laboratory, diagnostic, medical device manufacturers, medical school and medical R&D organizations, a community and forum for sharing cyber and physical threat indicators, best practices and mitigation strategies. NH-ISAC is a non-profit corporation funded and owned by its members. Membership is open to any healthcare stakeholder seeking protection of valuable PHI (personal health information) and compliance with Federal HIPAA regulations and standards, driving the assurance of patient health and life safety and fostering continuity of operations. Joining the NH-ISAC is one of the best ways health and public health services firms can do their part to protect the industry and its vital role in critical infrastructure.
Medical Device Innovation, Safety and Security Consortium
MDISS is an initiative of the non-profit Foundation for Innovation, Translation and Safety Science (FITSS). MDISS is a member driven collaborative and inclusive nonprofit organization committed to advancing quality health care with a focus on cybersecurity of health technology including medical devices. The MDISS organization and its programs develop and deliver best practices in public health, safety science and cyber physical system security to address the complex challenges associated with cybersecurity risk of healthcare technology and its impact on patient safety and privacy. MDISS medical device stakeholders include providers, payers, manufacturers, universities, government agencies, technology companies, individuals, patients, patient advocates and associations.