Wednesday, January 14, 2015

Applying CyberSecurity Standards to Medical Device Design

Medical Devices do indeed need to be designed to protect against CyberSecurity threats. The FDA has been stating this for almost a decade. The reality is that many Medical Device vendors, and many Mobile Health Application developers, really don't know how to fully cover CyberSecurity. So it is really nice to see that NIST and a broader audience involved with the "National CyberSecurity Center of Excellence" have provided a document that shows HOW to apply the NIST CyberSecurity standards to Medical Devices.

Health IT: Medical Devices


The National Cybersecurity Center of Excellence (NCCoE), in collaboration with the Technological Leadership Institute at the University of Minnesota, has devised a project to improve the security of wireless medical infusion pumps. This is the first of a series of use cases focused on medical device security.
The draft use case is available for public comments through February 20, 2015.
USE CASE: WIRELESS MEDICAL INFUSION PUMPS (PDF)

Here is a sample of some of the cool information in the document. Here is a fragment of a table that points you at specific NIST SP 800-53 items: