In a recent press release, BD (Becton, Dickinson and Company) (NYSE: BDX), a leading global medical technology company, announced it has established a Product Security Partnership Program that emphasizes collaboration across the health care industry to enhance cybersecurity of medical technology and devices.
The new program has three primary components:
- Participation with government agencies, industry associations and security researchers and their efforts to enhance cybersecurity in health care;
- Collaborating with UL to use the ANSI UL 2900 cybersecurity standard and participate in the UL Cybersecurity Cooperative Research and Development Agreement; and
- A cybersecurity vendor certification program where BD verifies third-party security technologies that are compatible with its products and perform as indicated.
"Intelligent and connected medical technologies have transformed how health care providers diagnose and treat patients," said Rob Suarez, director of Product Security for BD. "As cyber attacks become more sophisticated and attempt to find vulnerabilities through an interconnected health system, medical technology companies, health care providers and government agencies need to collaborate even more to protect patients."
As part of its participation with government agencies, BD is participating in the National Institute of Standards and Technology (NIST) Secure Wireless Infusion Pump Program and created a white paper for secure design and architecture. The company also contributed to the Health Care Industry Cybersecurity Task Force to produce recommendations on how to improve cybersecurity across the health care industry. For any potential vulnerabilities in BD products, the company has made a strong commitment to coordinate vulnerability disclosure through the U.S. Food and Drug Administration (FDA), and National Health Information Sharing and Analysis Center (NH-ISAC). This commitment also extends to the Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC), which acts through the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to provide expertise on control systems-related security incidents and mitigations.