Overview of Program:

MDIC recognizes that cybersecurity is a critical infrastructure vital to the United States. Cybersecurity threats can have a debilitating effect on security, national economic security, and national public health or safety. As such, MDIC is focused on making meaningful contributions to advance cybersecurity as it relates to medical devices.

The Cybersecurity Program is focused on:

  • Identifying priorities for the Medical device industry to help ensure safety and effectiveness of medical devices across their lifecycle

Program Background:

The U.S. Food and Drug Administration’s (FDA) Center for Devices and Radiological Health (CDRH) has issued guidance to address cybersecurity as part of their ongoing effort to ensure safety and effectiveness of medical devices across their lifecycle. It is recommended manufacturers build risk management programs that span premarket from early design, through the development of products, and into the postmarket environment.

Some medical device manufacturers have implemented coordinated cybersecurity vulnerability portals and processes as one tool in their overall threat detection and response process. These portals and processes enable manufacturers to receive findings from researchers regarding potential vulnerabilities in a device. However, the majority of medical device manufacturers do not have portals or defined processes to receive these findings and to act on this information in a timely way. MDIC believes that coordinated cybersecurity vulnerability processes and portals are integral to a comprehensive approach to counteract cybersecurity threats.