MITA Response to Report on Improving Cybersecurity in the Healthcare Industry

Re: Report on Improving Cybersecurity In The Health Care Industry

Dear Mr. Csulak and Ms. Meadows,

As the premier trade association representing the manufacturers of medical imaging equipment and radiopharmaceuticals, the Medical Imaging & Technology Alliance (MITA) would like to commend the HHS Task Force for developing the recently issued “Report on Improving Cybersecurity in the Health Care Industry.” This document will be foundational in establishing a policy, regulatory, and standards environment that protects patients and ensures access to health care services which are more resilient to cyber threats. MITA would like to align ourselves with this effort and plan on working quickly to incorporate its findings and recommendations into our ongoing efforts to enhance cybersecurity across the medical imaging industry.

MITA and its Member companies take cybersecurity risks very seriously. Cybersecurity incidents—as recent events have made clear—have the potential to harm both patients and health care providers, disrupt patient care, reduce the reliability of the health care system, and challenge the integrity of protected information.

We have been actively engaged on cybersecurity issues for a number of years and the MITA Board of Directors has established cybersecurity as a top industry priority. The MITA Cybersecurity Task Force is working to:

  • Continue to advance policies that will protect patient health and information
  • Establish a regulatory and standards environment that best enables the protection of the confidentiality, integrity, and availability of medical imaging devices and all associated information and infrastructure
  • Coordinate, collaborate, and, where appropriate, align with the broader health care cybersecurity policy, regulatory, and standards development community

We are analyzing the specific recommendations in this report, but have already identified a few key areas of priority interest:

  • Establishing a framework for information sharing about cybersecurity vulnerabilities and incidents
  • Developing incentives that will promote the use of cybersecure products
  • Aligning strategies and opening communications channels between MITA and other critical stakeholders, including regulators, healthcare providers, and other industry sectors

Cybersecurity is a shared responsibility and we are committed to doing our part. We look forward to working with the Agency and other stakeholders to make the healthcare system more cybersecure.

We would like to again recognize the enormous effort that went into the development of this report. If you have any questions, please contact Peter Weems at 703-841-3238 or by email at pweems@medicalimaging.org.

 

Sincerely,

Patrick Hope

Executive Director, MITA

 

CC:

The Honorable Lamar Alexander, Chairman, Senate Committee on Health, Education, Labor, and Pensions

The Honorable Patty Murray, Ranking Member, Senate Committee on Health, Education, Labor, and Pensions

The Honorable Greg Walden, Chairman, House Committee on Energy and Commerce

The Honorable Frank Pallone, Ranking Member, House Committee on Energy and Commerce

The Honorable Ron Johnson, Chairman, Senate Committee on Homeland Security and Government Affairs

The Honorable Claire McCaskill, Ranking Member, Senate Committee on Homeland Security and Government Affairs

The Honorable Michael McCaul, Chairman, House Homeland Security Committee

The Honorable Bennie Thompson, Ranking Member, House Homeland Security Committee

The Honorable Richard Burr, Chairman, Senate Select Committee on Intelligence

The Honorable Mark Warner, Ranking Member, Senate Select Committee on Intelligence

The Honorable Devin Nunes, Chairman, House Permanent Select Committee on Intelligence

The Honorable Adam Schiff, Ranking Member, House Permanent Select Committee on Intelligence

Suzanne Schwartz, MD, MBA, Associate Director for Science and Strategic Partnerships, US Food and Drug Administration

Steve Curren, MSFS, Director for the Division of Resilience, Office of the Assistant Secretary for Preparedness and Response, US Department of Health and Human Services

Leo Scanlon, Executive Director, Office of Information Security  and Chief Information Security Officer, US Department of Health and Human Services

Robert Kadlec, MD, Nominee, Assistant Secretary for Preparedness and Response, US Department of Health and Human Services