GDHP News

Launch of the Guidance for Medical Device Cybersecurity

October 16, 2024
4:30 am

Medical devices, including patient monitors and imaging systems, are a growing target for cyberattacks. Attackers exploit vulnerabilities to access sensitive patient data and disrupt critical healthcare services. In addressing this urgent global threat, GDHP collaborated with Singapore agency Synapxe to develop the GDHP Guidance for Medical Device Cybersecurity (GMDC).

Based on international regulatory requirements and standards, and leveraging Singapore’s existing cybersecurity framework, the Guidance for Medical Device Cybersecurity is designed to be both robust and forward-thinking.

This Guidance is an openly available, sound practice resource for medical device developers and manufacturers and healthcare purchasers to uplift cybersecurity practices through secure deployment and usage of medical devices.

"Through the launch of GMDC, we aim to equip Medical Device Manufacturers and Healthcare Delivery Organizations with the tools needed to navigate an increasingly complex cybersecurity landscape."

“We welcome the GDHP Guidance for Medical Device Cybersecurity launched today. At Philips, ‘Security Designed in’ is an end-to-end mindset ensuring the robustness of our innovations against cyber threats, and we are happy to note that Cybersecurity Levels 1 and 2 of the GDHP Guidance are strongly aligned with the cybersecurity requirements we have adhered to for years. We applaud GDHP’s efforts on the launch of this Guidance, and look forward to higher adoption of this unified set of best cybersecurity practices for medical devices that are recognised by healthcare purchasers worldwide.”

"Synapxe is committed to delivering world-class HealthTech solutions. Launching GMDC together with GDHP is another strong demonstration of active collaboration among the world’s digital health community."

“We welcome the launch of the GDHP Guidance, which will help guide us on the cybersecurity requirements recommended for medical devices. This move is aligned with the efforts of Becton-Dickinson to develop and design cyber secure medical devices for the markets we serve globally. Looking ahead, we hope this development would promote the standardisation of cybersecurity requirements across jurisdictions, ultimately reducing development costs and benefitting the industry as a whole.”

The Guidance is a product of the collaboration under the GDHP Cyber Security Work Stream, which focuses on strategies that can strengthen the processes and practices designed to protect healthcare related devices, systems, and networks, as well as the data within them, from security risks and cyberattacks.

The GMDC comprises four medical device cybersecurity levels, with each higher level being more comprehensive in the assessment. These requirements are titrated from regulatory requirements from International Medical Device Regulatory Forum (IMDRF), NEMA Manufacturer Disclosure Statement for Medical Device Security (MDS2), NIST framework and ISO/IEC and TR67 standards. The 4 levels are adapted from Cybersecurity Labelling Scheme for Medical Device [CLS(MD)] framework that is progressively tiered from Level 1 to provide increasing security assurance as they attain compliance to higher levels.

GDHP Guidance for Medical Device Cybersecurity_final Download

The Guidance Note was announced at Singapore GovWare Healthcare Forum on 16 October 2024 at the following panel discussion:

Elevating Medical Device Security: Release of Guidance for Medical Device Cybersecurity (GMDC) by Global Digital Health Partnership (GDHP), a critical resource for securing healthcare devices and systems from cyberattacks.

Moderator: Leon Chang, Assistant Chief Executive, Cyber Defence Group & Chief Risk Officer, Synapxe
Panellists:
- Tiffany Butler, Senior Advisor for Cybersecurity Policy & Compliance, U.S. Department of Health and Human Services (HHS)/ Office of the National Coordinator for Health Information
- Lisa Lewis Person, Deputy Assistant Secretary for Technology Policy; Deputy National Coordinator for Operations Chief Operating Officer, U.S. Department of Health and Human Services (HHS)/ Office of the National Coordinator for Health Information, Co-Chair of the GDHP Cybersecurity Work Stream
- Fuller Yu, Chief of IT Operations, Hospital Authority Hong Kong, Co-Chair of the GDHP Cybersecurity Work Stream

The launch of the GDMC was featured by various media outlets:

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

GDHP News

Launch of the Guidance for Medical Device Cybersecurity

Launch of the Guidance for Medical Device Cybersecurity

© 2024 Global Digital Health Partnership