Washington, DC (December 21, 2021) – The Healthcare Supply Chain Association (HSCA), which represents the nation's leading healthcare group purchasing organizations (GPOs), today released key cybersecurity considerations for medical device manufacturers, healthcare delivery organizations, and service providers to help safeguard patient health, safety, and privacy. In conjunction with the release of the key considerations, HSCA also published "Recommendations for Medical Device Cybersecurity Terms and Conditions," which details potential purchasing contract terms and conditions that could help ensure rapid adoption of rigorous cybersecurity measures.
"The widespread adoption of telemedicine and rapid shift to virtual operations during the COVID-19 pandemic has underscored the important role that information technology, software, and medical devices can play in improving patient care. However, as evidenced by recent cyberattacks, medical devices and services are vulnerable to cybersecurity threats that could jeopardize patient health, safety, and privacy," said HSCA President and CEO Todd Ebert, R. Ph. "GPOs leverage their unique line of sight over the supply chain to help providers harness the benefits of technology to care for their patients while guarding against cyber threats."
HSCA's cybersecurity measures include the following categories of considerations:
Ad Statistics
Times Displayed: 7619
Times Visited: 17 Stay up to date with the latest training to fix, troubleshoot, and maintain your critical care devices. GE HealthCare offers multiple training formats to empower teams and expand knowledge, saving you time and money.
Cybersecurity Training and Software: Includes designating an information technology security officer, maintaining updated anti-virus software, and implementing role-appropriate cyber training and assessments;
Equipment Acquisition Standards and Risk Coverage: Includes ensuring compliance with regulatory standards for purchasing medical devices and updating legacy devices, providing insurance policies to cover cybersecurity risks, and validating devices by testing manufacturer claims;
Data Encryption: Includes encrypting personal authentication data as well as any confidential or sensitive information when practical;
Information Sharing & Standards Organizations: Includes participating in Information Sharing and Analysis Organizations (ISAOs), certifying that suppliers of network-accessible medical devices, software and services are compliant with current FDA guidance documents, and ensuring that manufacturers provide a Manufacturer Disclosure Statement for Medical Device Security;
