The Global Digital Health Partnership (GDHP) Cyber Security Work Stream, in collaboration with Synapxe, the national HealthTech agency of Singapore, has launched globally the GDHP Guidance for Medical Device Cybersecurity (GMDC) framework.
This is seen as a significant move to bolster cybersecurity in healthcare worldwide as GMDC is a comprehensive framework targeted at medical device manufacturers (MDM) and healthcare delivery organisations (HDO) internationally.
Adapted from the four levels of security assurance outlined in the Cybersecurity Labelling Scheme for Medical Devices in Singapore, it recommends a standardised framework that MDMs can use to identify the necessary cybersecurity features to build into their medical devices, as well as guide HDOs in the selection of medical devices for deployment and use.
GMDC applies to medical devices that handle personal identifiable information (PII) and clinical data with the ability to collect, store, process, or transfer such information. It also applies to those connecting to other devices, systems, and services through wired and/or wireless communication protocols via a network of connections.
Medical devices, including patient monitors and imaging systems, are a growing target for cyberattacks as attackers exploit vulnerabilities to access sensitive patient data and disrupt critical healthcare services.
In addressing this urgent global threat, GDHP Cyber Security Work Stream collaborated with Synapxe to develop GMDC. Leveraging the foundational work of Singapore’s cybersecurity framework, as well as international regulatory requirements and standards, GMDC is designed to be both robust and forward-looking.
GMDC extends beyond Singapore borders, with the goal of building resilient healthcare ecosystems worldwide to safeguard medical devices on a global scale.
GMDC comprises four medical device cybersecurity levels, with each higher level being more comprehensive in the assessment. Through recommending cybersecurity requirements for medical devices tiered into these four levels, GMDC serves to guide MDMs on developing “secure-by-design” products.
In addition, GMDC equips HDOs to identify the most pertinent cybersecurity features that they should consider and assess when deploying and using medical devices in the clinical setting. HDOs can also use it as a declaration of conformity by manufacturers to perform risk assessments as part of their procurement efforts.
“Through the launch of GMDC, we aim to equip (MDMs and HDOs) with the tools needed to navigate an increasingly complex cybersecurity landscape,” said Lisa Lewis Person, deputy assistant secretary for technology policy and co-chair of GDHP Cyber Security Work Stream.
“We see strong potential for GMDC and encourage GDHP member countries to incorporate GMDC as part of their manufacturing and into their procurement specifications,” said Person.