https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Connected Health Care


Getty Images

Vital signs monitor

Why UL and the VA Teamed up on Medical Device Cybersecurity

The medical device cybersecurity alliance could have benefits for the VA as well as the U.S. health care system. 
  • Written by Brian Buntz
  • 21st October 2019

The U.S. Department of Veterans Affairs and UL have completed a two-year Cooperative Research and Development Agreement focused on medical device security. “This was a first-of-its-kind engagement,” said Anura Fernando, chief innovation architect of medical systems interoperability and security at UL. The collaboration took place from 2016 to 2018. 

The backstory behind the news dates back five years ago. Michael Daniel, then the White House’s national cybersecurity coordinator, said he was “intrigued” by the prospect of a UL-style organization focusing on cybersecurity in April 2015. Given UL’s history protecting critical infrastructure such as electrical networks and home wiring infrastructure and so forth, the idea was also compelling to executives at UL. And the organization would go on to create the underpinnings for such an organization. 

Also adding fuel to the effort was the 2015 announcement from the U.S. Office of Personnel Management that it was the victim of a cyberattack that exposed records of up to 4 million people. After that, the General Services Administration convened a variety of government agencies to discuss why breaches such as the OPM were a reality, despite the U.S. government’s history of following cybersecurity best practices and standards. UL executives were invited to the meeting, as well. 

“We concluded there was a fundamental need for repeatable, reproducible test-based standards that would generate objective evidence that could substantiate claims of security and recommend best practices to follow,” Fernando said. 

That conclusion motivated UL to create its cybersecurity-based 2900 standards to fill what Fernando described as an “open niche” in the standards landscape. “The UL 2900-1 standard had the general requirements that were intended to cut across critical infrastructure industry sectors,” he said. “And then UL 2900-2-1 was tailored for health care, in particular, being aligned with FDA guidance documents and things like that.” 

In the process of creating a seed document for the standards, UL executives sought input from a variety of organizations. “And as part of those precursor discussions, we engaged in a meeting with [The United States Department of Veterans Affairs] around the margins of the Software Supply Chain Assurance Forum,” Fernando said. 

The U.S. Department of Veterans Affairs, which cares for approximately 9 million patients, was looking for more effective strategies to manage its cybersecurity posture.  

One of the outcomes of those conversations between UL and the VA was the idea to launch a cooperative research and development agreement. “We launched the CRADA in part to solicit specific needs that were being seen for helping provide care to veterans — not only within the Veterans Health Administration facilities but also [for] telemedicine [applications].” 

The partnership with the VA also provided valuable feedback to UL as it began to move from drafting the standards to tapping the American National Standards Institute for consensus building. “Everything worked out really well from a timing point of view,” Fernando said.  

In 2017, the Food and Drug Administration announced it recognized the UL 2900-1 standard. A number of other regulatory agencies across the world, from Health Canada to South Korea’s Ministry of Science and ICT, also support the standard.

Another fortuitous event is that the medical device company ICU Medical contacted UL with the intent of receiving certification under the UL Cybersecurity Assurance Program. It ultimately became the first to do so. 

“Whenever you put a new standard out there, it’s great to have somebody see value in it and then step up and lead the market with it,” Fernando said. 

ICU Medical’s early involvement with UL led to the use of its Plum 360 infusion pump in a security control testing demonstration with UL at a Veterans Health Administration facility. The product, which met UL 2900 standards, also demonstrated its security controls were sufficient to thwart a variety of simulated attacks at a VA facility. 

In the long run, Fernando said he expects the CRADA to lead to cybersecurity gains at both the VA and across the U.S. health care system. In particular, such collaborations can help address concerns that have become apparent recently. Examples include the threat of cyberwarfare as well as ransomware targeting health care establishments. 

A decade ago, the topic of medical cybersecurity was research-oriented and non-adversarial. “We’re also looking at this from a cyberwarfare perspective and health care as critical infrastructure that could potentially be attacked,” Fernando said. “We are also looking at the threat of organized crime.” 

Added to the mix is the struggle of the broader health care ecosystem to reduce costs and take care of the aging population, which, in turn, has led to an uptick in interest in connected medical devices to help drive efficiency and to support at-home health care. 

Given these risks, the CRADA and the supporting UL 2900 standards are more pertinent than its architects could have imagined. 

Tags: Security services Connected Health Care Security Features

Related Content


  • AI Summit 2022: Health Care AI Group Wins Into the Den Competition
    Panakeia wins the dragon-den style pitching competition from 30 of the best and brightest AI startups
  • University of Tokyo robotic skin
    Researchers Develop Living Skin for Robots 
    Made from real human skin cells, the material has self-healing capabilities and is a major step forward for humanoid robotics
  • Vayyar Hardware Teardown
    Imaging Sensor Startup Secures $108M for 4D Imaging Pipeline
    The group had its beginnings in health care, but has expanded to retail, automotive and more
  • Crab micro-robot
    Robotic Crab is Smallest Walking Bot Ever
    The miniature bot uses shape memory alloys and has potentially groundbreaking applications in the health and manufacturing sectors

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • FDA Clears Robotic Exoskeleton for Multiple Sclerosis Patients
  • Microsoft Extends Secured-Core Program to IoT Devices
  • Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration
  • Researchers Create 3D Printing Process for Robotic Materials

Roundups

View all

IoT Product Roundup: Canonical, InfluxData, Wiliot and More

23rd June 2022

IoT Product Roundup: Cisco, Telit, Draganfly and More

9th June 2022

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Image shows Unilever's Alberto Prado at AI Summit 2022 in London

AI Summit 2022: Unilever’s Alberto Prado

Prado talks about how Unilever is using AI to accelerate the speed of new discoveries and gives them access to more breakthrough innovation

Image Shows John Lewis' Barry Panai at AI Summit London 2022

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail

Panayi talks about data and AI in retail and how individuals and the technology can work together

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

IoT Product Roundup: Nokia, Energous, Dashbot and more dlvr.it/STRKDh https://t.co/YgTAI5SXSB

6th July 2022
IoTWorldToday, IoTWorldSeries

A new #IoT bug monitoring system from @CENSIS121 is helping the UK’s #forestry industry fight pests, and save money… twitter.com/i/web/status/1…

6th July 2022
IoTWorldToday, IoTWorldSeries

NHTSA Boss Hints at Federally Regulating Autonomous Vehicles dlvr.it/STQrrw https://t.co/Yjp1UKuaE5

6th July 2022
IoTWorldToday, IoTWorldSeries

Nvidia Powered Driverless Three-Wheelers Set to Debut dlvr.it/STQq0H https://t.co/RrYyVPgFzB

6th July 2022
IoTWorldToday, IoTWorldSeries

New Drone System Aims for Full Autonomy dlvr.it/STQnvV https://t.co/S4O8hb6gQh

6th July 2022
IoTWorldToday, IoTWorldSeries

Bosch, VW Approved to Develop Automated Driving dlvr.it/STQllD https://t.co/neI30dVmC6

6th July 2022
IoTWorldToday, IoTWorldSeries

🤔 Looking for 3 Strategies to Avoid IoT Key Theft? We’ve got you covered! As tech companies continue to develop an… twitter.com/i/web/status/1…

5th July 2022
IoTWorldToday, IoTWorldSeries

AI Summit 2022: Unilever’s Alberto Prado dlvr.it/STMpRN https://t.co/1dyLREr8N6

5th July 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X