Thursday, February 2, 2012

NIST explores economic incentives for medical device cybersecurity

The NIST Information Security and Privacy Advisory Board recently held a panel on Economic Incentives for Medical Device Cybersecurity.

Discussion summary: The lack of meaningful data on medical device cybersecurity leads to cybersecurity unpreparedness. Today, though, there is an economic disincentive for reporting of vulnerabilities and incidents. For instance, a hospital would incur liability by reporting a problem. The economic factors self-reinforce a cycle of not reporting cybersecurity problems, which increases the false impression of preparedness from lack of reported incidents. The lack of reported incidents is more likely a result of lack of incentives for reporting and a lack of effective reporting mechanisms designed to collect cybersecurity threat indicators from the clinical setting.

  • Brian Fitzgerald
    Deputy Director, Division of Electrical and Software Engineering, FDA CDRH OSEL
  • Kevin Fu
    Associate Professor, Computer Science, UMass Amherst (moderator)
  • Louis Jacques
    Director, Coverage and Analysis Group, Centers for Medicare and Medicaid Services
  • James Keller
    Vice President, Health Technology Evaluation and Safety, ECRI Institute
  • George Mills
    Director, Department of Engineering, The Joint Commission
  • Erich P. Murrell
    Lt. Col., CISO, Medical Devices, Office of the Air Force Surgeon General
Past ISPAB meetings with panels on medical device cybersecurity:

1 comment:

  1. Economic incentives? You would think the potential death of patients should be incentive enough. Typical corporate thinking. They wont spend a dollar until some poor sob's ICD gets hacked and they realize they turned god knows how many people into sitting ducks.

    It amazes me how engineers and programmers lack the awareness to address these issues during the design phase... great blog by the way wish for more updates on your current research!


All comments are moderated to prevent spam, so please pardon the delay while our anti-spam team looks at incoming messages.