MITA Releases National Standard for Medical Device Security

The Medical Imaging & Technology Alliance (MITA) has announced the publication of NEMA/MITA HN 1-2019, Manufacturer Disclosure Statement for Medical Device Security, also known as MDS2. This voluntary standard supports security risk management within healthcare delivery organizations by providing standardized information on security control features integrated within medical devices, MITA officials say.

“MITA recognizes that cybersecurity is a shared responsibility among all involved market participants, and it requires health delivery organizations especially to work collaboratively with manufacturers to ensure the use of best practices,” saya Dennis Durmis, senior vice president, Bayer Radiology, Americas Region, and Chair of MITA Board of Directors. “With this standard, we aim to streamline communication and increase transparency of information between manufacturers and healthcare delivery organizations.”

The standard, whose development was led by MITA in conjunction with a diverse group of interested parties, includes a form intended to provide healthcare delivery organizations with crucial information and security control features within medical devices. It also clarifies the roles of manufacturers and healthcare delivery organizations in ensuring the security of medical devices.

“This standard is an important step in the collaborative efforts between health delivery organizations and manufacturers to mitigate cybersecurity risk,” says Tim Walsh, principal information security analyst—CIS Operations, Mayo Clinic, and member of the MDS2 Canvass Group. “Transparent information and speed of getting that information from manufacturers to health delivery organizations are crucial, and this standard helps foster both.”

MITA officials say the shared responsibility this standard recognizes aligns with the position of the U.S. FDA, which released a preparedness and response “playbook” last October to help healthcare delivery organizations address threats to medical device cybersecurity. Recognizing that manufacturers, hospitals, healthcare providers, cybersecurity researchers, and government entities all have roles to play in addressing threats to medical device cybersecurity, the playbook serves as a valuable resource to healthcare delivery organizations as they develop their individual emergency response plans.

“We look forward to further engaging with our partners over the next several months to ensure the MDS2 Standard is appropriately implemented across the sector,” Durmis concludes.