Active participation in MD-VIPER, a program of the Medical Device Security Information Sharing Council (MDSISC) serving as the Medical Device ISAO under the NH-ISAC and MDISS, provides an opportunity for manufacturers and the medical devices stakeholder community to collaborate, communicate, and share information about cybersecurity vulnerabilities that may affect the safety, effectiveness and security of medical devices, and the integrity and security of the surrounding healthcare IT infrastructure. Through communications and information sharing, the MD-VIPER community shares vital threat information as well as valuable threat mitigation strategies and maintains an awareness of possible attacks and exploited vulnerabilities that may have downstream public health and patient safety consequences.
MD-VIPER is inclusive (open to all healthcare and medical device stakeholders including non-profit and for-profit organizations), actionable (participants will receive useful and practical cybersecurity risk, threat indicator, and incident information, transparent (participants will have an adequate understanding of how that model operates and if it meets their needs), and trusted (submitters can request that their information be treated as Protected Critical Infrastructure Information(https://www.dhs.gov/pcii-program) and all participants need to agree to abiding by the Traffic Light Protocol for information sharing. Such information is shielded from any release otherwise required by the Freedom of Information Act or State Sunshine Laws and is exempt from regulatory use and civil litigation if the information satisfies the requirements of the Critical Infrastructure Information Act of 2002 (6 U.S.C. §§ 131 et seq.)).