SHARED RESPONSIBILITY
As part of a shared responsibility commitment, MITA
supports hospital work to strengthen their resistance
to ransomware attacks through the “3-2-1 backup
approach” recommended by the U.S. Cybersecurity and
Infrastructure Security Agency (CISA). It entails saving
three copies of critical patient or other health care-
related data in a minimum of two different formats and
storing one copy offline where it cannot be affected by
ransomware or other malicious attempts by hackers.
SUPPORT POLICIES INCENTIVIZING THE RETIREMENT OF LEGACY DEVICES
In healthcare, secure design practices have seen
significant improvement since the FDA released its 2014
final guidance, “Content of Premarket Submissions for
Management of Cybersecurity in Medical Devices.” Now,
best practices are better understood by all participants.
This improvement is reflected in devices designed with
security in mind across the total product lifecycle.
Today, plans are developed along with devices and
implemented to ensure software remains updated.
Security controls are also easier to deploy and use and
more security-related information is provided to the
users. To fully realize these benefits, healthcare providers
need resources to transition legacy products from use
and replace them with newer devices that were designed
and developed to be secure from inception across the
expected life of the device.