Getting Started with a Cybersecurity Incident Response Plan for Your Medical Devices

Cybersecurity of medical devices is a growing concern. A cyber attack can disrupt hospital operations, expose confidential protected health information (PHI), damage a facility's reputation, and in extreme cases, cause patient harm. Nevertheless, medical devices remain a commonly overlooked cybersecurity focus.

Does your facility have a plan in place for responding to a cyber attack involving one or more of your devices? Effective preparation is key. It's not enough to take preventive measures; you must know what to do when an incident occurs. You need a robust cybersecurity incident response plan—a playbook that explains what to do when an incident has occurred or, more commonly, when a vulnerability is disclosed. Such plans are common in many sectors, but less so when it comes to medical devices in hospitals.

This article is based on guidance found in the National Institute of Standards and Technology's (NIST) Computer Security Incident Handling Guide. Our article takes the NIST guidance, which is more general in nature, and applies it specifically to incidents involving medical devices.

The phases of the incident response process, as described in the NIST guide, are preparation, detection and analysis, containment/remediation, and post-incident activity. Here we address each phase, focusing primarily...