U.S. Food and Drug Administration (FDA) Extends its Memorandum of Understanding (MOU) with MedISAO

Topics:
Thought leadership
This is some text inside of a div block.

May 20, 2024

U.S. Food and Drug Administration (FDA) Extends its Memorandum of Understanding (MOU) with MedISAO

MedISAO, an organization composed of members of the medical device manufacturer community dedicated to improving medical device security through education, awareness, and advocacy, announced today its endorsement by the Food and Drug Administration (FDA) through a renewed Memorandum of Understanding (MOU) signed on April 18, 2024, marking a continued collaboration and highlighting the importance of improving the security posture of the medical device ecosystem.

In an era where medical devices are increasingly exposed to cyber risks, a 2023 study found nearly 1,000 vulnerabilities spanning 966 medical products, highlighting the pressing need for proactive cybersecurity measures. By endorsing the partnership, the FDA underscores the imperative continued efforts to enhance cybersecurity, uphold patient safety, and maintain care integrity over the lifetime of a device.

Medcrypt’s acquisition of MedISAO in the fall of 2020 paved the way for offering the benefits of an Information Sharing and Analysis Organization (ISAO) to small and medium-sized businesses (SMBs), alongside Medcrypt’s medical device security solutions, setting a precedent for pre- and post-market security measures to enhance stakeholder cooperation and safeguard patient health.

“This endorsement showcases a continued commitment by the parties as well as their joint support and shared mission to strengthen the security of medical devices,” stated Axel Wirth, chief security strategist at Medcrypt. “Transparency, information sharing, and swift resolution of cybersecurity issues within medical devices are paramount. MedISAO established a robust platform for collaborative information exchange, ultimately enhancing the security and safety of medical devices.”

The FDA is making strides in enhancing its operations, with priorities for the next two years focusing on building internal cybersecurity resources and expertise. It can be assumed that an updated post-market guidance will be part of these initiatives.

Through this, the FDA encourages responsible sharing of vulnerability and threat information among medical device stakeholders, aligning with the 2016 Cybersecurity Post Market Guidance.  Manufacturers actively participating in an ISAO will not face enforcement of certain reporting requirements for high-risk vulnerabilities.

As part of the MOU with the FDA, the partnership aims to raise awareness of cyber risk management resources produced by the Health Sector Coordinating Council (HSCC) and foster trust within the healthcare community.

Daniel Beard, founder of MedISAO, highlighted the partnership’s significance in addressing cybersecurity challenges faced by medical device manufacturers. “Since our inception in 2016, MedISAO has remained committed to enhancing medical device security through collaboration,” said Dan Beard. “Our partnership with the FDA reinforces our mission, empowering manufacturers to enhance their security posture through shared information and resources.”

About MedISAO/Medcrypt

MedISAO, a part of Medcrypt Inc., is an organization composed of members of the medical device manufacturer community dedicated to improving medical device security through education, awareness, and advocacy. MedISAO provides cybersecurity information sharing, education, and tools tailor-made for the medical device industry. MedISAO is a registered ISAO with an FDA MOU providing compliance with the FDA’s recommendation in the Postmarket Management of Cybersecurity in Medical Devices. For more information, visit www.medisao.com and www.medcrypt.com

Medcrypt is helping healthcare technology companies ensure medical devices are secure by design. We provide cybersecurity products and strategic management consulting to expedite the go-to-market process of medical device manufacturers’ new life-saving connected technologies. Founded in 2016 by a team of healthcare cybersecurity experts, Medcrypt is uniquely positioned to be the security catalyst for medical device manufacturers to design secure, FDA-approved technologies. We continue to work with those paving the way toward safe and reliable medtech.

To date, Medcrypt has raised more than $36 million in funding with participation from Johnson & Johnson Innovations, Intuitive Ventures, and Dexcom Ventures. For more information, please visit www.Medcrypt.com.

Related articles

Understanding the Impact of the Pause in NVD Vulnerability Analysis and Exploring New Solutions
This is some text inside of a div block.

Understanding the Impact of the Pause in NVD Vulnerability Analysis and Exploring New Solutions

Tools & processes
This is some text inside of a div block.
Vulnerability management
This is some text inside of a div block.
MedISAO
MedISAO

May 29, 2024

Medical Device Cybersecurity - 2023 Learnings and 2024 Expectations
This is some text inside of a div block.

Medical Device Cybersecurity - 2023 Learnings and 2024 Expectations

All topics
This is some text inside of a div block.
Axel Wirth
Axel Wirth

December 18, 2023

Building Trust in a Connected World: Digital Certificates in Healthcare
This is some text inside of a div block.

Building Trust in a Connected World: Digital Certificates in Healthcare

Cryptography
This is some text inside of a div block.
All authors
All authors

November 15, 2023

Subscribe to Medcrypt news

Get the latest healthcare cybersecurity news right in your inbox.

We'll never spam you or sell your information

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.