Charles Sternberg, Associate Editor 03.13.23
The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) has published “Health Industry Cybersecurity – Managing Legacy Technology Security (HIC-MaLTS),” a comprehensive guide to address the management of cyber risk caused by legacy technologies used in healthcare environments.
The 115-page toolkit recommends cybersecurity strategies that manufacturers and health providers can implement for legacy medical technology as a shared responsibility in the clinical environment and provides insights for designing future devices that are more secure.
Concurrently, the White House released its “National Cybersecurity Strategy,” which envisions an increased emphasis on protecting the nation’s critical infrastructures from cyber threats and incidents. The HIC-MaLTS addresses that emphasis for healthcare through rigorously-negotiated recommendations for cybersecurity management and accountability between health delivery organizations and medical technology companies involving legacy medical systems in the clinical environment. This will support our critical healthcare infrastructure and patient safety.
Who Should Use It?
The HIC-MaLTS details best practices and recommendations in a modular and actionable format for medical device manufacturers (MDMs), healthcare delivery organizations (HDOs), and other technology providers whose products are used in healthcare environments.
What Does It Cover?
HIC-MaLTS covers the “Core Pillars” of a comprehensive legacy technology cyber risk management program:
- Governance: How should healthcare stakeholders govern to ensure effective legacy technology cyber risk management?
- Communications: Internally, to their customers, regulators, and the public—how should organizations communicate to manage legacy technology risk?
- Cyber Risk Management: For current and future legacy technologies, how should organizations manage cyber risk to limit current risk and avoid or minimize future risk?
- Future Proofing: How should MDMs and other technology providers design, deploy, and maintain their technologies to avoid or lessen legacy technology risks?
Document Development Process
The HSCC task group that developed this resource consisted of 65 organizational members co-led by Intermountain Healthcare, Elekta, and FDA. The work process involved 3 years of engagement, negotiation and drafting among health delivery and medtech companies, demonstrating a collaborative commitment to the principle of shared responsibility.
The result was compromise, consensus and actionable practices that ultimately will increase security, lower costs, and protect patient safety.
The HIC-MaLTS document can be found here.