
New playbook helps medical product manufacturers respond to cyberthreats

Guide gives step-by-step instructions to deal with ransomware and other risks

Medical product makers are enjoying advances and increased efficiency from AI and big data. But these innovations also bring cyberrisks such as ransomware attacks, and companies need airtight plans to be able to rally and respond quickly. SmartBrief recently spoke with Greg Garcia, executive director for cybersecurity for the Health Sector Coordinating Council, about the council’s recently released playbook to help manufacturers face cyberthreats head-on.

Can you give some background on the playbook and how to use it?

The Medical Product Manufacturer Cyber Incident Response Playbook is a comprehensive guide that provides information, step-by-step recommendations and processes for medical product manufacturers to use in responding to manufacturing cyberincidents.

What are the biggest cyberrisks medical product manufacturers are dealing with?

In the product development lifecycle, device manufacturers need to be concerned about the security integrity of third-party software and components they build into their devices, both in compliance with FDA premarket guidance and in the security monitoring and patching associated with the device’s use in the clinical environment. The latter concern is a shared responsibility with the health care providers using the devices, so in the end it is about maintaining operational resiliency and patient safety.

What are some challenges in responding to cyberincidents that this guide addresses?

Cyberincident response is not limited to only the reactive activities during an incident but constitutes a greater cycle and feedback loop of activities encapsulating preparedness, response, recovery, and post-incident analysis and improvements. Effective cyberincident response is about maintaining a program of structured phases – putting the right mechanisms in place for activation when an incident occurs. These five phases involve:

  • Preparedness
  • Detection-investigation-analysis
  • Containment
  • Eradication
  • Recovery and post-incident activity.

What is the most important takeaway of the playbook?

The most important takeaway is that preparedness and response against cyberthreats and incidents are not strictly an IT security function, but an enterprise risk management function that requires engagement from multiple executive management responsibilities, including security, legal and compliance, emergency management and communications, among others. This requires collective preparedness, regular exercising and coordinated action.

To drill down a little more, what is the key takeaway for each of the following phases?

– Preparedness: Create a cyberincident response plan and team

– Detection, investigation and analysis: Design the dashboard and implement detection and monitoring software and procedures

– Containment: Expect the unexpected and have your running shoes on

– Eradication: Triage your resource needs and follow a response plan

– Recovery and post-incident activity: Aim for rapid and effective time-to-recovery, documented with lessons learned to apply to the next incident

Is there any additional advice you would give manufacturers?

When we think of what constitutes the critical infrastructure of the US, medical manufacturing falls into two government-designated critical infrastructure sectors – health care and critical manufacturing. This importance confers a higher responsibility for security and resiliency on those companies developing life-saving technologies. So, it is our collective responsibility in this sector to be prepared to be resilient, on the imperative that cybersafety is patient safety.