Medical Device Security Benchmarks Initiative
Medical devices and the systems they rely on have become so interconnected and mobile that they need to be protected from the ever-increasing volume of cyber threats in order to protect the confidentiality of patient information and safeguard patient safety.
In recognition of the growing security concerns about network-connected medical devices, CIS launched an initiative in 2013 to help bolster the protection of these devices and the IT systems they rely on.
CIS co-leads the effort with the Medical Device Innovation, Safety and Security Consortium (MDISS) and is working collaboratively with a number of public and private sector partners to develop well-defined security baselines that help further strengthen defenses against cyber attack.
Medical Device Security Benchmarks Initiative Partners
CIS and MDISS Launch Security Benchmark Mapping Guidance NEW!
The first set of resources developed through the joint initiative is the release of new security recommendations that align industry recognized, consensus-based secure configuration best practices developed by CIS with Security Capabilities included in a Technical Report (IEC/TR 80001-2-2) within the International Electro-technical Commission (IEC) 80001-1, a global standard for performing risk management of IT networks that include medical devices.
The configuration guidelines, which were developed in collaboration with healthcare providers, manufacturers, cyber security experts and government entities, specifically apply to those devices that incorporate Microsoft Windows 7 and XP operating systems, which are commonly used for healthcare device systems.
We welcome additional feedback and recommendations on improving these resources and suggestions on creating similar guidelines: firstname.lastname@example.org
Join the Initiative
U.S. medical device manufacturers, healthcare facilities and cyber security experts are invited to join CIS, MDISS and their partners in this voluntary effort to produce clear, implementable, and consensus-based secure configuration guidelines on the controls that should be in place to help minimize risk against cyber attack or compromise. Contact CIS at (518) 266-3460 or email email@example.com
- Council on Cyber Security (CCS)
- Albany Medical Center (AMC)
- College of Healthcare Information Management Executives (CHIME)
- National Health ISAC (NH-ISAC)
- Association for the Advancement of Medical Instrumentation (AAMI)
- Underwriters Laboratory (UL)
- Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
CIS Medical Device Security Benchmarks Initiative In the News:
- CIS, MDISS Collaborate on Medical Device Security Guidance - HealthIT Security
- Medical Device Security Benchmarks Emerging - CIO
- FDA Issues Medical Device Security Guide - HealthCareInfo Security
- The trouble with Electronic Devices - Capital New York
- Cybersecurity Tips for Medical Devices - Healthcare Info Security
- Boomer Voice: Can Medical Devices be Hacked? - HealthWorksCollective
- Are Internet-Enabled Medical Devices Safe from Hackers? - Government Technology
- Doctors disabled wireless in Dick Cheney's pacemaker to thwart hacking - Naked Security
- Dick Cheney's wireless heart monitor was modified to curb hacking threat - SC Magazine
- New Initiative To Develop Medical Device Security Standards - iHealthBeat
- New effort eyes benchmarks for medical device security - mHealthNews
- Healthcare IT Security Is Difficult, But Not Impossible - CIO
- Encrypted heartbeat could secure implanted devices - FierceHealthIT
- CIS, AMC partner to develop cybersecurity guidelines for electronic medical devices - TroyRecord
- CIS seeks medical device security guidance with RFI - HealthIT Security
- CIS Teams with Healthcare Community to Safeguard Internet-enabled Medical Devices - HispanicBusiness
- Non-profit to develop security guidelines for Internet-enabled med devices - FierceHealthIT
- Pacemakers Under Attack: When the Internet of Things Gets Sick - Silicon ANGLE
- Shoring up security of medical devices - SF Gate
- Medical Device Makers to Discuss Burgeoning Cyber Threat - Fox Business
- Medical Hacking Poses a Terrifying Threat, in Theory - Bloomberg Businessweek