IRVINE, Calif., Oct. 4, 2018 /PRNewswire/ -- MedISAO, a leading Information Sharing and Analysis Organization dedicated to medical device manufacturers, announced today that it has entered a memorandum of understanding with the U.S Food and Drug Administration (FDA)'s Center for Devices and Radiological Health (CDRH) and the National Health Information Sharing & Analysis Center, Inc. (NH-ISAC). MedISAO, the FDA and NH-ISAC have a shared interest in encouraging the identification, mitigation, and prevention of cybersecurity threats to medical devices.
MedISAO, in conjunction with the FDA and NH-ISAC, is working to create a community that encourages and supports the sharing of information regarding medical device cybersecurity vulnerabilities. These vulnerabilities, if exploited, may compromise a medical device's efficacy and potentially endanger healthcare IT infrastructures and patient safety. The FDA considers participation in an ISAO a critical component for a manufacturer to manage these threats.
"The FDA has made it very clear that cybersecurity is a major concern," said Daniel Beard, Director, MedISAO. "Manufacturers are not only expected to make cybersecurity part of their design and development, but they are also expected to monitor for vulnerabilities post-market. MedISAO can help by providing a community dedicated to keeping medical devices secure. We are happy to work together with the FDA towards that goal."
"Besides satisfying a key component of FDA's Guidance on Postmarket Cybersecurity, membership in MedISAO grants members access to a coordinated vulnerability disclosure program and an automatic reporting form," said Beard. "Membership can help avoid costly correction reporting when vulnerabilities are discovered as well as provide access to training materials and security tools. Ultimately we are working together to reduce patient harm while increasing privacy and security for everyone."
MedISAO, a division of Promenade Software, Inc., is an organization composed of members of the medical device community that is dedicated to improving the security of medical devices through education, awareness and advocacy. MedISAO provides cybersecurity information, education and tools tailor-made for the medical device industry. MedISAO is a registered ISAO providing compliance with the FDA's recommendation in the Postmarket Management of Cybersecurity in Medical Devices.
FDA MOU can be found here: https://www.fda.gov/AboutFDA/PartnershipsCollaborations/MemorandaofUnderstandingMOUs/OtherMOUs/ucm622056.htm