FDA’s Action vs Cybersecurity Risks and Cyber Attacks
As the healthcare industry has been a constant target of cyber attacks in recent months and years, the FDA has stepped up and created cybersecurity protocols for all its affiliated hospitals and medical institutions. Its goal is to help secure the medical devices used in the day-to-day activities of healthcare institutions, lessening the chance of a cyber attack against their equipment and computing infrastructure. The FDA expects all affiliates under its umbrella to comply with all the requirements it sets.
FDA Commissioner Scott Gottlieb himself disclosed to the public the protocols the agency will implement across the board to harden the cybersecurity capability of hospitals and their affiliates. “The risk of such an attack persists, and we understand that the threat of such an attack can cause alarm to patients who may have devices that are connected to a network. We want to assure patients and providers that the FDA is working hard to be prepared and responsive when medical device cyber vulnerabilities are identified,” explained Dr. Gottlieb.
The FDA is partnering with other government agencies to tap their expertise in cybersecurity defenses. The FDA and its affiliates are not IT experts; most of their members are medical professionals, and the government already has many IT professionals who can share their input on cybersecurity for hospitals. “Securing medical devices from cyber security threats cannot be achieved by one government agency alone. Every stakeholder, manufacturers, hospitals, healthcare providers, cybersecurity researchers, and government entities, all have a unique role to play in addressing these modern challenges. In this way, we can ensure the healthcare sector is well positioned to proactively respond when cyber vulnerabilities are identified in products that we regulate,” added Dr. Gottlieb.
Below is a summary of the methodology of the FDA’s cybersecurity policy (as quoted directly from Dr. Gottlieb):
User Awareness Training
Medical device users, from clinicians to IT helpdesk staff and HTM professionals, should be aware of potential device cybersecurity incidents, their impacts, and appropriate responses. User awareness is particularly important in incident discovery, as many device cybersecurity issues are found by users. Cybersecurity issues often initially manifest as unusual device behavior; regular training for device users will help to ensure that cybersecurity is considered as a potential cause for any device peculiarity.
Incident Detection and Validation
The first part of incident detection and analysis is identifying or otherwise establishing that an incident has occurred. With natural disasters and terrorist attacks, there is no ambiguity. Cybersecurity incidents, however, are often difficult to identify and characterize correctly, as they may masquerade as malfunctions or go unnoticed.
Containment, Eradication, and Recovery
Once an incident has been confirmed, the response activity begins. Many HDOs use a “contain, clean, and deny” strategy to halt a cybersecurity incident, fix the damage, and restore services as quickly as possible. When cybersecurity criminal activity is suspected, a “monitor and record” strategy that watches and captures adversary actions may be used. Containment begins with HIMT activation and execution of the EOP. Minimizing impact to healthcare delivery, halting the active cybersecurity disruption, assessing the damage, and restoring normal business operations are the overarching goals driving the overall response phase.
Consider retaining a trained digital forensics expert to determine the full extent of any damage to the affected entity associated with a cybersecurity incident.
Document post-incident insights—what worked, what didn’t, ideas for the future, etc. As appropriate, update the EOP, Communications Plan, and other pertinent plans in light of the experience gained. In addition, review all plans annually, whether an incident occurred or not, to ensure that all processes, procedures, contacts, etc., are current.
Julia Sowells
Julia Sowells is a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.