The Center for Internet Security (CIS), East Greenbush, NY, announced a new initiative to help bolster the protection of Internet-enabled medical devices from cyber attacks. CIS, a nonprofit organization focused on enhancing cyber security readiness and response, issued a request for information (RFI) to US medical device manufacturers to invite their voluntary participation in developing security control guidelines for reducing cyber risk to medical devices.
The first of their kind, these benchmarks will provide clear recommendations on how device manufacturers should securely configure medical devices. The benchmarks are intended to build upon the FDA draft “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”
As indicated in recent safety notices issued by the FDA and the Industrial Control Systems Cyber Emergency Response Team, hardcoded password vulnerabilities were found in approximately 300 medical devices. These findings make it clear that much more needs to be done to improve cyber security within the medical device industry.
The first benchmarks will be focused on insulin infusion pump technologies, with future benchmarks being developed for other medical devices on an ongoing basis.