Medtech and healthcare technology consulting group Emergo and healthcare cybersecurity developer MedCrypt said this week that they will refer prospective clients to one another and co-market their cybersecurity software solutions, consulting and risk management services to ensure clients understand and meet the FDA’s requirements and those of other market regulators.
In 2018, the FDA released its pre-and post-market guidelines that outline issues manufacturers need to consider in the design and development of their medical devices to ensure they address cybersecurity vulnerabilities. The post-market guidance outlines a risk-based framework to ensure manufacturers could quickly respond to new threats once a device is in use.
Since late 2009, the U.S. Department of Health and Human Services (HHS) has required the reporting of data breaches that affect more than 500 patients. The data since then show a year-over-year increase of reported breach incidents by 23% with hacking incidents now accounting for two-thirds of reported breaches. Additionally, medical device vulnerabilities that are reported regularly by ICS-CERT have shown a 109% year-over-year increase of newly disclosed vulnerabilities.
“While the healthcare industry has made significant strides when it comes to cybersecurity, the increase in targeted attacks in the last year alone shows us there is still significant work to be done to make security a top priority,” said MedCrypt CEO Mike Kijewski in a news release. “Healthcare companies and vendors are challenged with determining how to continue to innovate and deliver clinical therapies, but doing so while being secure. This collaboration with Emergo by UL provides our combined networks of customers with a wider set of services that together ensure security is designed into a device throughout its entire life cycle, which is the best bet we have at moving the needle for better healthcare security.”