AAMI News November 2019
New TIR Helps Manage Postmarket Security Risk
TIR97:2019, Principles for medical device security—Postmarket risk management for device manufacturers, is to be used with TIR57:2016, Principles for medical device security—Risk management. TIR97 provides guidance on performing postmarket security risk management for medical devices in the context of the safety risk management process required by ANSI/AAMI/ISO 14971:2007, extending the ISO 14971 definition of “harm” to include incidents outside patient physical harm, for example, reduction in effectiveness and breach of data and systems security.
The TIR includes several flow diagrams for networked medical device security prioritization and decision-making. It also includes sample medical device security policy statements, an overview of security risk management for healthcare networks, and a review of manufacturer-specific considerations for starting a coordinated vulnerability disclosure process.
TIR97 should help networked medical device manufacturers prepare for such security threats, as well as seek out new threats, determine their risk, and develop a plan of action, said Sagar Patel, member of the AAMI SM-WG05 Device Security Working Group, the standards group that developed TIR97. He provided a specific example of how TIR97 could be used by a manufacturer when a third-party security researcher discloses a vulnerability in a device through the coordinated vulnerability disclosure process.
“In such a scenario, the TIR would guide the manufacturer through remediation planning, stakeholder communication, and deployment of security updates,” said Patel, cybersecurity software engineer at Battelle in Columbus, OH.
The report and the related TIR57 can also be used by healthcare delivery organizations (HDOs) to vet equipment and security processes using standardized criteria, said Patrick Lashway, member of the AAMI SM-WG05 and a biomedical equipment technician in Portland, OR. “This makes it much easier for those with purchasing power to identify quality products with security features they can rely on for more than just a few years,” he said.
“The TIR also addresses design considerations, planning for device retirement, and suggestions regarding the relationship and expectations between a device manufacturer and HDO,” said Wil Vargas, director of standards at AAMI. “To me this can be the ‘now what’ once a device is deployed but adds even more value when incorporated into the initial design process itself.”