Diabetes Technology Society launches cybersecurity standard for medical devices
The Diabetes Technology Society released its cybersecurity standard for network-connected smart medical devices.
The public platform, called DTSec, contains a set of performance requirements to improve cybersecurity through independent expert security evaluation.
While the tool is targeted toward life-critical smart devices like insulin pump controllers and continuous glucose monitors, according to the standard's authors, DTSec could be applied to any medical product or component in the future.
The tool provides a blueprint for efficient, measurable security for networked electronic products and systems in any industry, David Kleidermacher, chief security officer and one of the standard’s lead authors, said in a statement. David Klonoff, MD, medical director of Diabetes Research Institute and DTSec steering committee chair, added that DTSec will help device manufacturers, regulators and ultimately consumers by securing devices on the Internet of Medical Things to improve care and quality of life.
DTSec uses the ISO/IEC 15408 framework to define security requirements for smart devices, creating "Protection Profiles" and "Security Targets" derived from those Protection Profiles. DTSec-approved labs, such as Brightsight, evaluate smart medical devices to ensure each product meets the security requirements. The Diabetes Technology Society will publish the names of products that successfully pass the evaluation process.
“We can’t hope to raise the cybersecurity bar,” Kleidermacher said, “if we don’t know how to measure its height.”