In an effort to harmonize the work being done in hospitals and by device manufacturers to address medical device vulnerabilities, Vizient has formed the Medical Device Cybersecurity Task Force. The mission of the task force is to provide leadership and facilitate collaboration to minimize the risk and cost of medical device cybersecurity by fostering standard practices.
“The goal is to help reduce cybersecurity risks and the cost of assessing risk. One of the key near-term deliverables is a multi-phase roadmap that will help advance the cybersecurity maturity posture of the entire health care industry,” said Ross Carevic, director, technology sourcing operations at Vizient.
The Vizient task force includes information security leaders from 25 member health system. It will also engage device manufacturers, suppliers, cybersecurity consultants, government and industry experts.
The task force will be assessing the overall maturity level of cybersecurity for medical devices and identify areas to improve. It will also focus on sourcing enhancements, standards, governance and information sharing best practices to reduce exposure to risk.
As an example, the Vizient contract portfolio includes more than 500 contracts with networked devices. The company is working closely with members, suppliers and cybersecurity experts to add additional terms into the contract language as well as modifications to the weightings related to cybersecurity safeguards in the RFP scoring process. This will enhance the cybersecurity of the devices in Vizient’s portfolio for the benefit of patients and providers.
“We are viewing this from an entire industry perspective, not just for Vizient members and suppliers. Wherever possible, we intend to make key deliverables publically available, which will help suppliers and providers prioritize their remediation plans for older medical devices and ensure appropriate safeguards are included in new devices for the benefit of all patients,” said Carevic.