AdvaMed, an association of medical device manufacturers, will launch an information-sharing and analysis organization focused on cyberthreats to encourage collaboration and keep healthcare technology secure.
Information-sharing and analysis organizations have quickly become a common way for industries with security needs to manage the dissemination of information on sensitive digital threats.
A 2015 executive order by then-President Barack Obama encouraged the creation of such groups to boost cybersecurity cooperation in the private sector. ISAOs have emerged in retail and finance, for example.
Now the medical devices sector is taking the same approach. Last week, AdvaMed, a trade group for medical device manufacturers, announced the launch of its own ISAO, to help manufacturers communicate on threats and collaborate on breach prevention in the highly regulated industry.
Food and Drug Administration regulations require that high-tech medical devices be designed and built with cybersecurity concerns in mind. One benefit of the ISAO approach is that it can cut down on the number of disclosures companies must make to the agency. If a problem is handled promptly, disclosed to an ISAO, and has not created serious health risks, the manufacturer won’t need to disclose the problem to the FDA.
AdvaMed Vice President of Technology and Regulatory Affairs Zach Rothstein said the ISAO will also help smaller members better tackle cybersecurity regulations.
“It’s probably no surprise to hear that the smaller the med-device company, the harder it is for them to hire, retain, and pay for cybersecurity expertise,” Rothstein said, according to the Minneapolis Star Tribune. “Part of what we are using the ISAO to do is to provide that type of education [for] our midsize, smaller-sized companies.”
Rothstein added that the ISAO will take the form of a highly secure online forum in which cybersecurity experts can share information and discuss potential threats confidentially in real time.