MITRE: Medical Device Cybersecurity: Regional Incident Preparedness and Response Playbook
This framework and the summary below were published by MITRE in October 2018. ICIT strongly encourages you to visit the MITRE Publication Library to search for additional information security resources which are freely available.
Framework Purpose and Objective
Regions are beginning to organize cybersecurity incident preparedness activities. While similarities exist with natural disaster emergency preparedness and response, cybersecurity has unique characteristics that warrant specific integration of cybersecurity incident planning within an HDO’s emergency plans and across stakeholders. The purpose of the playbook is to serve as a tool for regional readiness and response activities to aid HDOs in addressing cybersecurity threats affecting medical devices that could impact continuity of clinical operations for patient care and patient safety. The objectives of the framework are to:
Provide baseline medical device cybersecurity information that can be incorporated into an HDO’s emergency preparedness and response framework;
Outline roles and responsibilities for responders internal and external to the HDO to clarify lines of communication and concept of operations (CONOPs) across HDOs, medical device manufacturers (MDMs), state and local governments, and the federal government;
Describe a standardized approach to response efforts that would enable a unified response within HDOs and across regions as appropriate;
Serve as a basis for enhanced coordination activities among medical device cybersecurity stakeholders, including mutual aid across HDOs;
Inform decision making and the need to escalate response;
Identify resources HDOs may leverage as a part of preparedness and response activities; and
Serve as a customizable regional preparedness and response tool for medical device cyber resiliency that could be broadly implemented.