web stats

HSCC releases the Medical Device and Health IT Joint Security Plan

The Healthcare and Public Health Sector Coordinating Council released in late January new recommendations for manufacturing and managing the security of medical devices for clinical practices. Developed over the past year, the “Medical Device and Health IT Joint Security Plan” is a total product lifecycle reference guide to developing, deploying and supporting cyber secure technology solutions in the health care environment.

The JSP utilitizes “security by design’ principles throughout the product lifecycle of medical devices and health IT solutions.  It identifies the shared responsibility between industry stakeholder to harmonize security-related standards, risk assessment methodologies and vulnerability reporting requirements to improve the information sharing between manufacturers and healthcare organizations. The JSP will be a living document and will be updated as required to adapt to the ever-changing threat environment for medical devices and health IT solutions.

The JSP responds to a set of recommendations issued in Jun 2017 by the Health Care Industry Cybersecurity (HCIC) Task Force, which urged strong efforts toward increasing the security and resilience of medical devices and health IT. The HCIC was established by the Department of  Health and Human Services at the direction of the Cyber Security Act of 2015.

Click here for frequently asked questions.