fbpx
1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

What’s in the MITRE/FDA Playbook?

What’s in the MITREFDA Playbook
Published by SPK Blog Post
on December 17, 2018

On October 2018, the MITRE Corporation and the Food and Drug Administration released their joint document, Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook. This is the new Bible for organizations designing and manufacturing connected medical devices.

The document is the product of a four-year partnership between MITRE and the FDA. The document was developed in response to real-world cybersecurity breaches such as WannaCry and Petya/NotPetya. It focuses primarily on these types of potential large-scale threats.

MITRE and the FDA recommend regional collaboration. Individual organizations have necessarily limited resources that might not be up to the task of addressing emergent cybersecurity vulnerabilities. Trusted partnerships, however, established on a regional basis, can pool resources and become greater than the sum of their parts. These pooled resources can assist not only preparedness for existing threats, but fast response to zero day and other emerging threats.

MITRE and the FDA provide a number of concrete suggestions for collaboration in the document including:

  • Joint exercises and simulations
  • Sharing policies, plans and best practices
  • Development of mutual aid response plans
  • Sharing advisories and alerts
  • Ensuring access to shared advisories and alerts
  • Formal and informal methods of real-time information sharing
  • Secondary channels of communication
  • Creation of regional command centers
  • Incident tracking procedures
  • Mutual aid agreements such as diverting patients or sharing devices
  • Mutual technical assistance

Regional groups need not be limited to manufacturers and designers. Stakeholders from the initial design team all the way to patient advocacy groups can and should come together. Cybersecurity for connected medical devices is decidedly an area where there is strength in numbers.

Once regional groups of organizations are established and follow these guidelines, it’s only a logical next step that these regional organizations will begin communicating with one another. This opens the opportunity for unified response across regions as appropriate. Even when cybersecurity breaches occur they can be dealt with swiftly. Contingency plans mean less inconvenience for end users, which in turn provides another layer of safety.

None of this will eliminate cybersecurity threats. What it will do, however, is make organizations more resilient when it comes to vulnerabilities to connected devices. What’s more, the guidelines are very open. This allows organizations and groups of organizations to adapt them in ways that make sense for their specific situation rather than a one-size-fits-all template that might not actually fit all.

Next Steps

Latest White Papers

6 Secrets To A Successful Atlassian Migration At Scale

6 Secrets To A Successful Atlassian Migration At Scale

With large scale migrations, large user bases, multiple Atlassian tools, plenty of apps, and lots of data, moving to Atlassian Cloud may feel like a steep mountain to climb. But, it doesn't have to be. In fact, we've already helped many customers make the move. Plus,...

Related Resources

Latest AWS News for Q3 2022

Latest AWS News for Q3 2022

With over 1100 product and service updates from AWS in 2022 alone, you may have missed some of the more important notifications from the cloud services giant.  Luckily, SPK’s team is here to provide you with a summary of the latest and greatest from Amazon Web...

Smarter Engineering For Medical Devices

Smarter Engineering For Medical Devices

Medical devices are subject to some of the strictest design control regulations in the world. And for good reason. U.S. medical devices are governed by the Food and Drug Administration (FDA). In order to meet the high standards, teams must communicate - effectively....

SPK Accelerates Fortune 100 MedDevice Product Sale

SPK Accelerates Fortune 100 MedDevice Product Sale

Our client is Fortune 100 Medical Device manufacturer. SPKAA acts as a product cybersecurity managed service provider for their hospital products which have embedded Windows or Windows OS.   Fortune 100 MedDevice Problem For over 10 years, SPK has provided ongoing...