Press Releases

Medtech & Health IT Joint Security Plan Addresses Cybersecurity Threats


Mark E. Brager
[email protected]
(202) 434-7244

Washington, D.C. – A medical technology and health IT task force of medical device manufacturers, trade associations, FDA representatives and other health industry stakeholders – operating as part of the Healthcare Sector Coordinating Council (HSCC) – today unveiled the Medical Device and Health IT Joint Security Plan (JSP) to address challenges the health care industry faces when securing and protecting itself against cybersecurity incidents, both intentional and unintentional.

The JSP responds to and puts into effect recommendations and action items set forth in the June 2017 Health Care Industry Cybersecurity (HCIC) Task Force Report, which identified a need to increase the security and resilience of medical devices and health IT products.

The JSP provides a voluntary framework that should be considered during the entire product lifecycle, and to assist medical device manufacturers and health care information technology vendors to incorporate strong cybersecurity into existing design control, quality systems and product release processes. Various participants of the JSP drafting committee organizations commented on the JSP release:

“AdvaMed congratulates the Healthcare Sector Coordinating Council on release of the Joint Security Plan,” said committee member Zach Rothstein, AdvaMed vice president, technology and regulatory affairs. “The JSP provides a voluntary framework to assist medtech manufacturers, health IT vendors and others to continue to maintain the strongest cybersecurity practices for the benefit of patients everywhere, in a continuously evolving cybersecurity environment,” Rothstein said.

“The collaborative approach on the JSP demonstrates the health care sector’s ongoing commitment to address cybersecurity challenges throughout the product lifecycle and across the health care delivery system,” said Rob Suarez, director of product security for BD, who served as industry co-chair for the working group that developed the JSP. “Developed in collaboration among the health care community – including medical device manufacturers, health care IT vendors, health care delivery organizations, related trade associations, independent security researchers and federal government representatives – the JSP is an important, foundational piece of the collective effort to help make medical devices and IT solutions more secure from potential hacking risks.”

“MITA is encouraged by the engagement and collaboration among stakeholders and FDA to develop solutions for reducing medical device cybersecurity risks,” said Michael McNeil, global product security and services officer for Royal Philips and chair, MITA, Cybersecurity Committee. “As an increasingly important part of the modern health delivery infrastructure, it is important for medical device stakeholders to work together to share the responsibility of cybersecurity to ensure patient safety, privacy, and security.”