The new MDISS World Health Information Security Testing Lab (WHISTL™) facilities will comprise of a federated network of medical device security testing labs, independently owned and operated by MDISS-member organizations. The goal is to help organizations work together to more effectively address the public health challenges arising from cyber security issues emergent in complex, multi vendor networks of medical devices. MDISS members get preferred access to WHISTL™ labs all over the world.
Free to HDOs, the MDRAP™ (medical device risk-assessment platform) is a cyber risk assessment and data sharing platform. Results are dynamic and easy to collate. Crowdsourced from vetted Healthcare Technology professionals, MDRAP™ generates a new kind of medical device security profile – one that is easy to complete, clear, concise, and (most importantly) actionable. MDRAP™ assessments are deeper, more flexible and more contextual than MDS2’s. It’s transparent, actionable and fast – and the network effects of “crowdsourcing” mean that your team spends less time entering data and more time addressing controls.
Register
MDISS partners with major Universities and academicians around the country to connect researchers to their counterparts on the front lines of business and healthcare. University faculty and students get special discounts on MDISS programs and memberships, and
Healthtrust Purchasing Group is pioneering an initiative across its more than 1000 member hospitals to incorporate cyber vulnerability information sharing as a required element of their procurement process. Healthtrust Purchasing Group hospitals, as members of the MDISS HDO Senate, will engage with MDISS in close collaboration with medical device manufacturers to expedite high quality, timely information-sharing. To learn more, write to our Executive Director Dale Nordenberg, below.
email DALE now
MDRAP, the Medical Device Risk Assessment Platform partly funded by a contract with the US Department of Homeland Security, is an agile, web-based software platform that evolves incredibly fast. We often share our roadmap and development plans for the next several versions of MDRAP with members and stakeholders. If you’d like to be included in these discussions and sneak-peaks, drop a line to phil.englert@mdiss.org.
Email Phil Now!
MD-VIPER was created through an operational partnership & MOU between the FDA, NH-ISAC and MDISS. MD-VIPER interfaces directly with FDA systems to help healthcare providers improve their situational awareness of medical device threats, as well as collect best practices and mitigation strategies from around the country. This program is key to the Federal Drug Administration’s (FDA) oversight of medical device manufacturer’s processes and provisions of guidance.
Consider Data Commons your secure data-sharing clearinghouse where you can share finished device risk assessments and find already-finished assessments from thousands of manufacturers, researchers, clinical engineers and other hospital stakeholders. Share best-practices and keep up with the latest vulnerabilities here, too - all while protecting your Intellectual Property and patient privacy.
This is a new initiative based on the CDC's National Health Safety Network (NHSN); it aims to leverage public/private partnerships with federal agencies, state and local public health officials, academics and researchers, and the rest of the stakeholder community to create better patient outcomes. This is
MDISS helps create a safe environment where medical device manufacturers with common concerns can find common ground. Manufacturers cooperate where it counts – on patient safety and public health – without disclosing their IP risking their commercial competitive advantages.
Helps member organizations, from hospitals to device manufacturers to security firms, communicate with the government – and each other – more effectively and productively. MDISS supports member organizations that might have historically “sat” on potential problems to instead embrace them publicly, helping them drive dramatic product improvements faster.
Formed under the auspices of CHIME, an executive organization dedicated to serving Chief Information Officers (CIOs) in Healthcare, the Association for Executives in Healthcare Information Security (AEHIS) and
MDISS participates on the working committee producing the ANSI/AAMI/IEC 80001-1 standard, specifically with regards to the application of risk management for IT Networks incorporating medical devices. It defines responsibilities for device manufacturers, non-medical device manufacturers, providers, IT integrators, and anyone else engaged in installing, using, reconfiguring, maintaining and decommissioning networks incorporating medical devices. Importantly, this standard specifically addresses risks to patients, among others.
Hey! That’s where you are right now! Our revamped website and the
About once every six weeks, NH-ISAC and MDISS co-produce a one-day medical device security workshop somewhere in the USA and Canada. Smaller and less wide-ranging than the MDISS CONGRESS, the workshops typically have about 45 attendees and create a safe, intimate environment where HDO’s, CEs, IT professionals and security geeks can work out the hairy details of medical device threat sharing in one of the most regulated and privacy-conscious industry sectors there is. You can find these workshops on our event page, or by clicking the button below!
Take a look
At the MDISS Congress, everybody gets together to compare notes, celebrate successes and share the pain of hard-learned lessons. The most recent event took place in 2017 at the National Security Institute at the George Mason University School of Law on Oct 31- Nov 1st in Arlington, VA. This was an invitation-only gathering of 150 of the nation’s brightest cyber-medical experts, hospital CIOs and CISOs, clinical engineering specialists, technology firms, regulators, legislators & standards authorities. The event was a co-production of
This is the top level of
This is a different kind of
The crowd sourced and expert-vetted device security evaluation and reporting platform from MDISS. MDRAP catalogs risk profiles and real-world performance data for thousands of different medical devices in situations around the world.
Take a look
"Patient encounters with connected -- yet poorly secured -- medical devices are increasing exponentially, and nobody really has a handle on the risks we’re facing. We’ve got to integrate best practices from cybersecurity, public health and clinical engineering disciplines to better understand and mitigate these threats, and the new MDISS network of WHISTL device testing and data sharing facilities are a huge step in the right direction."
