Cybersecurity roundup: MedSec provides risk support for hospitals; Global research links network performance to financial success

Between the medical device vulnerabilities and cybersecurity challenges discussed in the news this week, it’s clear that hospitals and health systems across the healthcare sector have their work cut out to strengthen defend and maintain business operations.

On the one hand, Diligent Institute and Bitsight looked at the cybersecurity ratings of thousands of mid-to-large companies trading globally and found the healthcare organizations included in the study had the highest security ratings. highest network security.

For low-resource and nonprofit hospitals that are a vital part of the healthcare system, MedSec is offering a new cybersecurity support program that the vendor says can help them Hospitals are struggling to meet voluntary federal cybersecurity performance goals while federal threat-intelligence partnerships to protect medical device security are renewed.

MedSec offers a cybersecurity roadmap

On Monday, the medical device cybersecurity company announced a new Hospital Resilience Roadmap Program that can help hospitals improve their cybersecurity posture and better protect their patients.

“One aspect of patient safety involves taking actions to protect against threats,” Debra Bruemmer, senior director of clinical security at MedSec, said in a statement. threaten network security”.

MedSec said the new program can help struggling hospitals make informed decisions about risk, understand their assets and recovery needs, and manage basic cyber risks.

“Many hospitals lack a meaningful cybersecurity program to protect patients from malicious cybersecurity events,” she said, pointing to the lack of resources and funding for many hospitals. .

The company said the recovery program provides an applicable set of underlying policies, processes and procedures that are aligned to meet industry best practices.

Tie cybersecurity ratings to profits

A recent report by Diligent and Bitsight found that companies with stronger cybersecurity performance deliver four times better financial performance.

In their analysis of more than 4,000 mid- to large-sized companies trading on public indices across Australia, Canada, France, Germany, Japan, the UK and the US, the average total shareholder return for companies had a five-year advanced cybersecurity performance rating of 71% over a one-year period and 67% over a three-year period. Companies with baseline performance ratings achieve 37% TSR over 5 years and 14% over 3 years.

“These findings show that cybersecurity is more than just an IT issue – it is an enterprise risk that has a serious impact on a company’s short-term performance and long-term health, and one that management management and the board need to be updated,” Dottie Schindlinger, executive director of the Diligence Institute, said in a statement.

She added: “With increasing pressure from regulators on organizations to demonstrate how they oversee cybersecurity, now is the time for boards and leaders to build their capacity them about cyber risks”.

Interestingly, according to the report, the mid to large publicly traded healthcare sector has the highest average security rating.

“Research shows that market leaders who prioritize cyber risk management outperform their industry peers,” noted Derek Vadala, chief risk officer at Bitsight. “This cannot be achieved without a deep understanding of cybersecurity performance and clear standards shared between the executive team and the board.”

CloudWave, FDA medical device threat intelligence

According to an updated memo, the U.S. Food and Drug Administration’s Center for Devices and Radiological Health and CloudWave’s Information Sharing and Analysis Organization have “a common interest in encouraging identifying, minimizing and preventing cybersecurity threats to medical devices”.

By enabling rapid sharing of medical device vulnerabilities, threats, and mitigations across the healthcare industry, the partners aim to reduce cybersecurity risks to health community.

The medical device cybersecurity partnership between CloudWave’s Sensato Cybersecurity team and the FDA began in 2016.

The new memorandum continues FDA and CloudWave ISAO’s efforts to increase healthcare industry awareness of the cyber risk management resources offered by the Healthcare Industry Coordinating Council.

This partnership encourages hospitals, health systems and other providers to successfully adapt and operate these resources and develop strategies to assess and mitigate security vulnerabilities. cyber as well as other threats affecting their medical products and devices.

The FDA said in the memo that, with the expansion of the partnership, the underlying cybersecurity medical device policy and vendor assessment framework of CloudWave-ISAO will be made available without charge under a source license. open to the healthcare and public health sectors.

“More than ever, medical devices are being targeted and we are focused on developing strategies,” John Gomez, CloudWave’s chief technology and security officer, said in a statement Tuesday. innovation to assess and mitigate cyber security threats.”

He added: “By proactively sharing information about cybersecurity vulnerabilities in the healthcare and public health sectors, we can achieve the timely situational awareness needed to reduce the attack surface and take appropriate measures to help protect patient safety.”

In addition to supporting threat mitigation information and awareness, the agency also works to enhance medical device requirements.

Last month, the FDA proposed updating its guidance, “Cybersecurity in Medical Devices: Quality System Considerations and Premarket Submissions,” adding loss disclosure requirements. vulnerabilities and provide recommendations for network equipment maintenance plans as well as patching timelines. The public comment deadline is May 13.

Andrea Fox is a senior editor at Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.