Can MITA's Medical Device Security Guidance Help Your Organization?

The Medical Imaging and Technology Alliance (MITA) recently published cybersecurity and risk management guidance for medical devices in an attempt to direct healthcare providers on how to deal with device-related issues. It acts as a voluntary guide and outlines security features that have been integrated into medical devices. The standard, called the Manufacturer Disclosure Statement for Medical Device Security (MDS2), was developed by and with industry stakeholders in mind.

How does the MDS2 benefit you?

Users can benefit from MITA's detailed description of device features and capabilities. They can also gain an understanding of the roles they, as healthcare providers, must play and the responsibilities manufacturers have in securing medical devices. According to the guide, manufacturers must "ensure the devices they place on the market include industry-standard security controls to enable safe and secure operation." This assists healthcare providers in fulfilling their responsibilities towards medical device security operations within their organizations.

One of the more practical things that MITA has introduced to help both manufacturers and organizations alike is a data sheet that the former can complete. Manufacturers can detail in it all their devices' security features, including audit controls, authorization controls, data backup and disaster recovery functions and much more. Such information can guide organizations in their performance of risk assessments and their development of effective cybersecurity risk management programs.

Working together to raise the bar

MITA's standard aims to fill in some of the blanks and increase transparency in the healthcare industry. It promotes communication, cooperation and understanding between all stakeholders involved in the security of medical devices. This includes manufacturers, healthcare providers, government agencies, and cybersecurity researchers.

Nonetheless, the authors stress that before using it, healthcare providers must identify the most suitable security controls for their devices by assessing their security, performance, operational environment and other relevant factors. Additionally, the guidance cannot stand alone; rather, it should be used concurrently with other existing information, laws and regulations regarding the delivery of secure care.

Standards such as this one are what improve cybersecurity in healthcare organizations. Research conducted by the Department of Veterans Affairs and UL revealed that guidance, testing and certifications improve medical device security. This is because, as technology evolves and the healthcare industry gains a better understanding of cybersecurity, stakeholders begin looking to standards to guide their device procurement process and secure their new tech.
