Cyber Security & Privacy

Digital connectivity is critical to today’s health care systems, and cybersecurity and privacy are critical to that digital connectivity. Medical imaging devices and enterprise imaging systems are a significant part of the modern health delivery infrastructure, and it is important that stakeholders across the industry work together to share the responsibility of cybersecurity to ensure patient safety, privacy and security.

 

MITA supports the following principles to improve the overall cyber resilience of the health care industry:

  • Recognition that cybersecurity is a shared responsibility between all stakeholders, including manufacturers, healthcare providers, patients, and others.
  • Good cyber hygiene depends on multiple factors beyond the security of the device itself: proper network security, appropriate physical controls, and third-party support all play a significant role.
  • The importance of global standards must be recognized and relied upon instead of new regulation. Standards are the backbone of industry self-regulation and are often updated more frequently than regulation, allowing for adaptability to a changing landscape.
  • Reference to specific cybersecurity risk-mitigation tactics should be avoided. Cyber threats are constantly evolving, as are risk-mitigation tactics. What is relevant or best practice now might be irrelevant within years, or even months.
  • Recognition that technology alone cannot provide security. Organizational measures must also be in place to ensure good cyber hygiene.
  • Recognition of a device’s finite lifecycle. The physical life of a device and the digital life of a device depend on many factors and may be very different. Policies need to be developed which incentivize the transition of legacy products out of use.
  • Information sharing policies should have clearly established legal guardrails and incentives for participation. Information sharing requirements, if implemented, should also extend to owners/users of medical devices. While these policies have been successfully implemented in other industries, there are significant differences between healthcare and finance, which must be recognized.