FDA Releases Updated Cybersecurity Playbook

To prepare healthcare delivery organizations (HODs) plan, prevent and address cybersecurity issues, FDA released an updated playbook listing expected processes and tools at these organizations. The playbook lists various scenarios that may be encountered when using connected devices containing sensitive medical information, steps to reduce their vulnerabilities to malicious attacks, and addressing the incidents when they do happen. While medical devices are required to address cybersecurity vulnerabilities at development stages and provide post-market support to their customers, it is important that the end-users of such technologies, namely the HODs, also be prepared to deal with cyber-attacks. The playbook lists four steps or phases to address cybersecurity preparedness of an organization. First, training the personnel at the HODs in ways to respond to cybersecurity incidences and ensuring that the systems, networks, and applications are sufficiently secure. Second, creating processes for timely and prompt detection and analysis of cyber-attack incidents, so suitable corrective and preventive measures could be implemented. Third, processes for containment of the incidence, remedial actions, and recovery to normal operations, so the event does not overwhelm resources and increase the damage caused by it. And fourth post-incident preventive measures to improve security measures to prevent future such event based on the lessons learnt from the ones that occurred. The playbook offers several templates, definitions, tips, and tools for HODs to create FDA-compliant cybersecurity environments. It can help organizations create SOPs, training procedures, drills, and references to be better prepared for robust cyber-countermeasures.