U.S. Food and Drug Administration (FDA) Extends its Memorandum of Understanding (MOU) with MedISAO
Industry: Healthcare
Strategic partnership between FDA and MedISAO emphasizes the importance of strengthening medical device security
San Diego, CA (PRUnderground) May 20th, 2024
MedISAO, an organization composed of members of the medical device manufacturer community dedicated to improving medical device security through education, awareness, and advocacy, announced today its endorsement by the Food and Drug Administration (FDA) through a renewed Memorandum of Understanding (MOU) signed on April 18, 2024, marking a continued collaboration and highlighting the importance of improving the security posture of the medical device ecosystem.
In an era where medical devices are increasingly exposed to cyber risks, a 2023 study found nearly 1,000 vulnerabilities spanning 966 medical products, highlighting the pressing need for proactive cybersecurity measures. By endorsing the partnership, the FDA underscores the imperative continued efforts to enhance cybersecurity, uphold patient safety, and maintain care integrity over the lifetime of a device.
Medcrypt’s acquisition of MedISAO in the fall of 2020 paved the way for offering the benefits of an Information Sharing and Analysis Organization (ISAO) to small and medium-sized businesses (SMBs), alongside Medcrypt’s medical device security solutions, setting a precedent for pre- and post-market security measures to enhance stakeholder cooperation and safeguard patient health.
“This endorsement showcases a continued commitment by the parties as well as their joint support and shared mission to strengthen the security of medical devices,” stated Axel Wirth, chief security strategist at Medcrypt. “Transparency, information sharing, and swift resolution of cybersecurity issues within medical devices are paramount. MedISAO established a robust platform for collaborative information exchange, ultimately enhancing the security and safety of medical devices.”
The FDA is making strides in enhancing its operations, with priorities for the next two years focusing on building internal cybersecurity resources and expertise. It can be assumed that an updated post-market guidance will be part of these initiatives.
Through this, the FDA encourages responsible sharing of vulnerability and threat information among medical device stakeholders, aligning with the 2016 Cybersecurity Post Market Guidance. Manufacturers actively participating in an ISAO will not face enforcement of certain reporting requirements for high-risk vulnerabilities.
As part of the MOU with the FDA, the partnership aims to raise awareness of cyber risk management resources produced by the Health Sector Coordinating Council (HSCC) and foster trust within the healthcare community.
Daniel Beard, founder of MedISAO, highlighted the partnership’s significance in addressing cybersecurity challenges faced by medical device manufacturers. “Since our inception in 2016, MedISAO has remained committed to enhancing medical device security through collaboration,” said Dan Beard. “Our partnership with the FDA reinforces our mission, empowering manufacturers to enhance their security posture through shared information and resources.”
About MedISAO/Medcrypt
MedISAO, a part of Medcrypt Inc., is an organization composed of members of the medical device manufacturer community dedicated to improving medical device security through education, awareness, and advocacy. MedISAO provides cybersecurity information sharing, education, and tools tailor-made for the medical device industry. MedISAO is a registered ISAO with an FDA MOU providing compliance with the FDA’s recommendation in the Postmarket Management of Cybersecurity in Medical Devices. For more information, visit www.medisao.com and www.medcrypt.com
Medcrypt is helping healthcare technology companies ensure medical devices are secure by design. We provide cybersecurity products and strategic management consulting to expedite the go-to-market process of medical device manufacturers’ new life-saving connected technologies. Founded in 2016 by a team of healthcare cybersecurity experts, Medcrypt is uniquely positioned to be the security catalyst for medical device manufacturers to design secure, FDA-approved technologies. We continue to work with those paving the way toward safe and reliable medtech.
To date, Medcrypt has raised more than $36 million in funding with participation from Johnson & Johnson Innovations, Intuitive Ventures, and Dexcom Ventures. For more information, please visit www.Medcrypt.com.