Last month, a government group tasked with identifying threats to information security and privacy sent to the U.S. Office of Managment and Budget (OMB) a list of recommendations to ensure the safety of Internet-connected medical devices.
The Information Security and Privacy Advisory Board (ISPAB), a subgroup of the National Institutute for Standards and Technology, discussed the matter of device security at its February board meeting. Experts spoke about cybersecurity threats to the millions of connected medical devices on the market, and the group noted a lack of accountability and oversight regarding the problem.
On March 30, the ISPAB sent to the OMB a letter with five recommendations intended to address the problems it identified. Among the board's suggestions were calls to assign responsibility for assessing security risks in devices to a single government agency; task one agency with educating users, care providers, and manufacturers about the risks of Internet-connected devices; and define a reporting protocol for cybersecurity incidents.