The Medical Device Innovation, Safety and Security Consortium (MDISS) has launched the first of more than a dozen planned security testing labs for medical devices. The new MDISS World Health Information Security Testing Lab (WHISTL) will focus on vetting complex multi-vendor, multi-device critical-care environments, such as hospital intensive care units and emergency rooms.
Further, the WHISTL facilities will comprise a federated network of medical device security testing labs, independently owned and operated by MDISS-member organizations including healthcare delivery organizations, medical device manufacturers, universities and technology companies. Each WHISTL facility will launch and operate under a shared set of standard operating procedures.
The goal, MDISS officials say, is to help organizations work together to more effectively address the public health challenges arising from cybersecurity issues emergent in complex, multivendor networks of medical devices.
While such security “proving grounds” aren’t new to enterprise IT, WHISTL is the first network of labs specifically designed around the needs of medical device researchers, healthcare IT professionals, and hospital clinical engineering leaders. By the end of 2017, MDISS WHISTL facilities will open in New York, Indiana, Tennessee, and California, as well as in the United Kingdom, Israel, Finland, and Singapore.
Enabling MDISS members to test devices in both physical and virtual environments, WHISTL facilities will focus on identifying and mitigating medical device vulnerabilities, sharing solutions and best practices, and device security education and awareness. Newly uncovered vulnerabilities will be responsibly reported to medical device manufacturers and to the National Health Information Sharing and Analysis Center (NH-ISAC)-MDISS Medical Device Vulnerability Program for Evaluation and Response.
“WHISTL will provide much-needed insight from actual developers and users of medical devices, which will result in increased relevant and actionable information sharing and situational awareness for all stakeholders in healthcare,” says Denise Anderson, president of NH-ISAC. “NH-ISAC looks forward to partnering with MDISS on this important effort for the community.”
Benjamin Esslinger, a member of 24×7 Magazine’s editorial board, also spoke out about the new endeavor, commenting: “Working with MDISS over the past year on WHISTL has helped us make real progress against some very complex risk scenarios, while keeping the focus on patient safety.” After all, Esslinger says, security best practices for medical devices are “still maturing.”
“Our new WHISTL facility enables us to run medical devices through tougher, more realistic test regimes,” he adds. “Hidden vulnerabilities surface more quickly, and that helps us build more responsive standard operating procedures.”