No organization can go it alone when confronting evolving cyberthreats, according to experts who presented at the Medical Device Innovation, Safety and Security Consortium’s fall conference in Arlington, Virginia. For conference participants, information sharing is key to protecting medical devices – and patients – from potential attacks by a variety of actors.
Private companies such as Target aren’t asked to deploy surface-to-air missiles to protect themselves from a potential attack by Russia, said Jamil Jaffer, director of the National Security
Institute at George Mason University.
Yet, individual hospitals “are expected to defend themselves” from state-sponsored cyberattacks – a threat that is “very real,” according to Jaffer.
Instead of relying on health care delivery organizations (HDOs), medical device manufacturers, or health technology developers to address cyberthreats on their own, the Food and Drug Administration (FDA) has advocated for a “whole of community” approach to cybersecurity, according to Suzanne Schwartz, FDA’s associate director for science and strategic partnerships.
“No sole entity is capable of being able to address this complex issue alone,” Schwartz said during her presentation.
A major part of building this community relies on sharing information, according to Evan Wolff, partner at Crowell & Moring LLP in Washington, D.C., where he co-chairs the firm’s Privacy and Cybersecurity Group.
“Information sharing provides for a common defense,” he said.