Tech & Innovation in Healthcare

The U.S. Food and Drug Administration (FDA) and MITRE announced version 2.0 of the Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook in November 2022. The FDA requested MITRE update the playbook due to emerging healthcare technologies, an increase in ransomware attacks, and the rising number of medical devices with internet connectivity, so healthcare organizations can stay prepared for possible cybersecurity incidents.

According to an announcement from MITRE, the playbook “outlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.”

Hospitals and HDOs can use the information in the playbook to effectively prepare for a cybersecurity incident by evaluating medical devices, assessing vulnerabilities, and creating an incident response communications plan. If a cybersecurity incident occurs, the playbook details how to detect, validate, report, and document the incident. Plus, if a hospital or HDO experiences a medical device cybersecurity incident, the playbook offers guidance on regional preparedness and response recommendations.

In addition to the updated playbook, new and existing users can get up to speed quickly and isolate key components easily with the Quick Start Companion Guide.

MITRE published the first version of the playbook in 2018 in response to the 2017 WannaCry ransomware attack. The 2017 attack brought to light the need for stronger cybersecurity preparedness, so the healthcare sector can “execute an enhanced, effective, real-time response” to threats to ensure clinical operations continue.