A consortium of digital identity players is tackling cybersecurity for medical devices by crafting a set of industry standards and guidance to ensure manufacturers build trusted, secure and interoperable products.SAFE Identity, a Reston, Virginia-based association that serves as a third-party certification body, said it has established a special Internet of Medical Things (IoMT) working group to standardize requirements for certification based on industry best practices for device identity and assurance. Membership so far is composed of digital identity experts Carillon, DigiCert, IdenTrust, PrimeKey and Trans Sped.SAFE said medical device manufacturers, healthcare delivery organizations, other buyers of medical devices and industry consortiums are welcome to participate.
IoT and Medical Devices: Massive Cyber Target
To help make its point, SAFE pointed to an earlier study by IoT security company Zingbox (part of Palo Alto Networks) that determined there are 10 million to 15 million medical devices in U.S. hospitals with an average of 10 to 15 connected instruments per patient bed. The research also found that more than 80 percent of healthcare organizations had been victimized by an IoT-type cyberattack. SAFE figures that establish a recognizable cybersecurity certification badge specific to the medical industry will affirm to hospitals, radiology centers, medical labs and others purchasing devices that a manufacturer has baked into its products a standards-based security credential.SAFE said it has appointed Priti Dave, a 14-year healthcare IT industry veteran who currently serves as SAFE’s solutions strategy director, to head the working group. “Providing a path to secure medical device identities is a major step towards building the foundation for digital trust within healthcare,” said Dave. “The IoMT working group provides an excellent forum for all parties in the healthcare space to share their needs and expertise surrounding medical device security, and we encourage participation from across the industry, she said.”SAFE Identity: Key Priorities
The project has three phases:- Phase I: Modernize the SAFE Certificate Policy, a set of technical specifications, interoperability criteria, compliance guidelines and liability rules to meet the needs of the medical device space.
- Phase II: Establish operational guidance and implementation strategy to help device manufacturers and consumers of medical devices adopt industry standards and best practices.
- Phase III: Set guidance for leveraging the SAFE Trust Framework and industry guidance to satisfy various aspects of FDA pre-market and post-market guidance for medical devices.