HSCA has issued Cybersecurity Guidelines for Medical Device Manufacturers

The HSCA (Healthcare Supply Chain Association) issued cybersecurity and patient privacy guidelines for medical device makers and healthcare providers.According to its website, the HSCA is a trade association that represents healthcare GPOs (group purchasing organizations) across the United States, with the goal of advocating for fair procurement practices and education to improve efficiency in the purchase and sale of healthcare goods and services.

The HSCA new cybersecurity recommendations address four important areas: cybersecurity training and software, data encryption, risk coverage and equipment procurement criteria, and standards organizations and information sharing.The guideline included pointers for both healthcare organizations and medical device makers on how to spot red flags before doing business with a new vendor or organization. To safeguard patient data privacy, third-party providers must adhere to stringent cybersecurity rules.

“The extensive use of telemedicine and swift move to virtual operations during the COVID-19 pandemic underlined the essential role that software, information technology, and medical devices can play in enhancing patient care,” said Todd Ebert, president and CEO of the HSCA.”However, as previous hacks have demonstrated, medical equipment and services are subject to cybersecurity risks that may threaten patient health, safety, and privacy.”

Concerns about medical device security have been raised in the last year as a result of repeated vulnerability exposures that potentially jeopardize patient safety. Lacks of insight into how many devices are on a hospital’s network, as well as a significant number of old legacy equipment that cannot be patched, are barriers to attaining medical device security.