Medical device security within the ecosystem starts from the conception of the device and continues until the final time it is decommissioned. Every phase presents a new set of risks and responsibilities for each participant, including device manufacturers, regulators, and healthcare delivery organizations. For instance:
- Medical device manufacturers must develop security into products by design and produce patches to maintain security through the lifetime of a device
- Regulators serve as a critical fulcrum of the marketplace; the global regulatory bodies’ role is to set standards and assess the benefits versus the risks before products go to market
- Healthcare delivery organizations hold the responsibility to protect patients by managing their networks and applying patches to maintain resilience against attack
Booz Allen supports clients across the total product lifecycle with DevSecOps, regulatory science, cybersecurity integration, asset management, and threat hunting. It is essential to work with manufacturers, regulators, and healthcare delivery organizations to ensure patients have access to new life-saving technologies without undue risk of cyber attack.