HSCC Introduces Plan for Cybersecurity ‘By Design’

The Healthcare and Public Health Sector Coordinating Council has developed a new guide for managing the security of medical devices.

The Medical Device and IT Joint Security Plan (JSP) is a total product lifecycle reference guide that uses “security by design” principles for devices and health IT solutions.

Aimed at improving information sharing between devicemakers and healthcare organizations, the plan stresses joint responsibility among industry stakeholders to harmonize security standards, risk assessment methodology and reporting vulnerabilities.

Roughly 200 device companies and health IT companies, healthcare providers and payers provided feedback on the plan. The JSP task force was co-chaired by representatives of Becton Dickinson, the Mayo Clinic and the FDA.

Although not a standard, device companies can voluntarily commit to the joint security plan and healthcare providers can request its use by vendors.