Summary: MedISAO, dedicated to improving medical device security, announced its renewed Memorandum of Understanding (MOU) with the FDA. This partnership emphasizes cybersecurity and patient safety. Medcrypt’s acquisition of MedISAO supports small and medium-sized businesses in enhancing device security.

Key Takeaways:

  • FDA Endorsement: The renewed MOU with the FDA underscores the importance of improving medical device cybersecurity.
  • Enhanced Collaboration: MedISAO provides a platform for information sharing to strengthen security measures across the industry.

MedISAO, an organization composed of members of the medical device manufacturer community dedicated to improving medical device security through education, awareness, and advocacy, announced its endorsement by the Food and Drug Administration (FDA) through a renewed Memorandum of Understanding (MOU). The MOU marked a continued collaboration and highlighted the importance of improving the security posture of the medical device ecosystem.

Importance of the Partnership

By endorsing the partnership, the FDA underscores the industry’s continued efforts to enhance cybersecurity, uphold patient safety, and maintain care integrity over the lifetime of a device, according to the organization.

Support for Small and Medium-Sized Businesses

Medcrypt’s acquisition of MedISAO in the fall of 2020 allowed it to offer the benefits of an Information Sharing and Analysis Organization (ISAO) to small and medium-sized businesses (SMBs), alongside Medcrypt’s medical device security solutions, setting a precedent for pre- and post-market security measures to enhance stakeholder cooperation and safeguard patient health.

“This endorsement showcases a continued commitment by the parties as well as their joint support and shared mission to strengthen the security of medical devices,” said Axel Wirth, chief security strategist at Medcrypt. “Transparency, information sharing, and swift resolution of cybersecurity issues within medical devices are paramount. MedISAO established a robust platform for collaborative information exchange, ultimately enhancing the security and safety of medical devices.”

FDA Initiatives and Guidance

The FDA has prioritized a focus on building internal cybersecurity resources and expertise, according to MedISAO, including the possibility for an updated post-market guidance as part of these initiatives. The FDA encourages responsible sharing of vulnerability and threat information among medical device stakeholders, aligning with the 2016 Cybersecurity Post Market Guidance. Manufacturers actively participating in an ISAO will not face enforcement of certain reporting requirements for high-risk vulnerabilities.

Raising Awareness and Fostering Trust

As part of the MOU with the FDA, the partnership aims to raise awareness of cyber risk management resources produced by the Health Sector Coordinating Council (HSCC) and foster trust within the healthcare community.

“Since our inception in 2016, MedISAO has remained committed to enhancing medical device security through collaboration,” said Daniel Beard, founder of MedISAO. “Our partnership with the FDA reinforces our mission, empowering manufacturers to enhance their security posture through shared information and resources.”