In the current landscape of the healthcare industry, the development of medical devices is at the forefront of both patients’ and providers’ minds. Legacy medical devices are creating a dilemma in the industry due to their lack of reliability. All devices of this nature have yet to go through an IVDR conformance evaluation process; however, they are still used due to the absence of standards in this sector of healthcare provision.

Drawing on feedback from seventeen medical device manufacturers (MDMs), the Medical Device Innovation Consortium (MDIC) produced its first medical device security maturity benchmarking tool and report. In partnership with Booz Allen Hamilton, MDIC used the Joint Security Plan (JSP), a product lifecycle reference manual for creating, deploying, and maintaining secure medical devices and health IT products and solutions, to create 44 survey questions in four categories. The benchmarking tool will be available for MDMs to use as a resource to gauge maturity in the future, and MDIC aims to publish the report every year. Even though the data represent the maturity of only 17 MDMs, the analysis shed some light on the security postures and maturity of MDMs while igniting discussion and offering crucial benchmarking capabilities for the industry.
The findings
MDIC and Booz Allen Hamilton scored responses using the Capability Maturity Model Integration (CMMI) framework, which the JSP recommends for evaluating the maturity of products and services. MDMs indicated the highest degree of maturity in organizational structure, at an average of approximately 1.68 on the scale. The organizational structure section asked MDMs about their roles and reporting lines, as well as whether their product security functions were adequately staffed. Writers of the report stated: “With the release of this initial benchmarking study, the medical technology industry is now on a journey toward increasing cybersecurity maturity … We hope that future benchmarks will attract additional participants and invite all in the industry to be a part of shaping MDM cybersecurity in the years to come.”
It is hoped that, through future iterations of the report that incorporate insights from a wider range of MDMs to assess its current shortcomings and pinpoint security and operational gaps, patient safety will improve significantly.