Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop; Request for Comments
Federal Information & News Dispatch, Inc. |
Notice of public workshop; request for comments.
Citation: "79 FR 56814"
Document Number: "Docket No.
Page Number: "56814"
"Notices"
The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity".
Dates and Times: The public workshop will be held on
Location: The public workshop will be held at the
Contact Person:
Registration: Registration is free and available on a first-come, first-served basis. Persons interested in attending this public workshop must register online by
If you need special accommodations due to a disability, please contact
To register for the public workshop, please visit
Streaming Webcast of the
Comments:
Regardless of attendance at the public workshop, interested persons may submit either electronic comments regarding this document to http://www.regulations.gov or written comments to the
Transcripts: Please be advised that as soon as a transcript is available, it will be accessible at http://www.regulations.gov. It may be viewed at the
SUPPLEMENTARY INFORMATION: In
Executive Order 13636 and P.P.D. 21 together serve as a call to action for promoting the cybersecurity of the Nation's critical infrastructure.
If exploited, cyber vulnerabilities may result in medical device malfunction, disruption of healthcare services including treatment interventions, inappropriate access to patient information, or compromised electronic health record data integrity. Such outcomes could have a profound impact on patient care and safety. As devices become more connected and interoperable, the threat potential increases. Now, rather than impacting a single device or single system, multiple devices or an entire hospital network may be compromised. Addressing medical device cybersecurity requires recognizing interoperability and interconnectivity. Therefore, enhancing security and resilience entails designing healthcare systems for seamless integration. Such integration will foster innovative and interoperable medical devices that protect and improve patient health and safety.
Advancing medical device cybersecurity measures within the HPH Sector relies upon a `whole of community' approach that will require acceptance of a `shared ownership and shared responsibility' model. The objectives of such a model are twofold: (1) To seek solutions that incentivize businesses to adopt best practices and industry standards to be included in product design and systems architecture, and (2) to foster stakeholder collaboration such that emerging threat and vulnerability information is readily shared. This effort requires breaking down barriers and building trust between stakeholders. Ultimately, this effort will facilitate a forum to implement HPH cyber vulnerability and threat management.
II. Topics for Discussion at the
The public workshop sessions will incorporate the following general themes:
* Envisioning a collaborative environment for information sharing and developing a shared risk-assessment framework using a common lexicon;
* Overcoming barriers (perceived and real) to create a community of `shared ownership and shared responsibility' within the HPH Sector to increase medical device cybersecurity;
* Gaining situational awareness of the current cyber threats to the HPH Sector, especially to medical devices;
* Identifying cybersecurity gaps and challenges, especially end-of-life support for legacy devices and interconnectivity of medical devices;
* Adapting and implementing the Framework to support management of cybersecurity risks involving medical devices;
* Developing tools and standards to build a comprehensive cybersecurity program to meet the unique needs of the sector's critical infrastructure, including medical devices;
* Leveraging the technical subject matter expertise of the cybersecurity researcher community working with HPH stakeholders to identify, assess, and mitigate vulnerabilities; and
* Building potential solutions: Exploring collaborative models to gather diverse experts and establish medical device security benchmarks which are continuously validated.
III. Questions for Consideration
FDA also requests HPH Sector stakeholders to provide perspective on the following:
1. Are stakeholders aware of the "Framework for Improving Critical Infrastructure Cybersecurity"? If so, how might we adapt/translate the Framework to meet the medical device cybersecurity needs of the HPH Sector?
2. How can we establish partnerships within the HPH Sector to quickly identify, analyze, communicate, and mitigate cyber threats and medical device security vulnerabilities?
3. How might the stakeholder community create incentives to encourage sharing information about medical device cyber threats and vulnerabilities?
4. What lessons learned, case studies, and best practices (from within and external to the sector) might incentivize innovation in medical device cybersecurity for the HPH Sector? What are the cybersecurity gaps from each stakeholder's perspective: Knowledge, leadership, process, technology, risk management, or others? and,
5. How do HPH stakeholders strike the balance between the need to share health information and the need to restrict access to it?
The deadline for submitting answers to these questions for consideration and any other additional comments on the proposed workshop topics is
IV. References
1. Executive Order 13636, "Improving Critical Infrastructure Cybersecurity,"
2. Presidential Policy Directive 21, "Critical Infrastructure Security and Resilience,"
3.
Dated:
Assistant Commissioner for Policy.
[FR Doc. 2014-22515 Filed 9-22-14;
BILLING CODE 4164-01-P
Copyright: | (c) 2014 Federal Information & News Dispatch, Inc. |
Wordcount: | 1794 |
Development and Regulation of Abuse-Deterrent Formulations of Opioid Medications; Public Meeting
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News