News | Cybersecurity | August 23, 2017

MDISS Launches 'WHISTL' Network of Medical Device Security Testing Labs

Non-profit network will focus on vetting complex multi-vendor, multi-device critical care environments like hospital intensive care units, operating theatres and emergency rooms

MDISS Launches 'WHISTL' Network of Medical Device Security Testing Labs

August 23, 2017 — The Medical Device Innovation, Safety and Security Consortium (MDISS) recently launched the first of more than a dozen planned device security testing labs and cyber-ranges. The new MDISS World Health Information Security Testing Lab (WHISTL) facilities will comprise a federated network of medical device security testing labs, independently owned and operated by MDISS-member organizations including healthcare delivery organizations, medical device manufacturers, universities and technology companies. Each WHISTL facility will launch and operate under a shared set of standard operating procedures. The goal is to help organizations work together to more effectively address the public health challenges arising from cybersecurity issues emergent in complex, multi-vendor networks of medical devices.

While such security ‘proving grounds’ are not new to enterprise information technology (IT), WHISTL is the first network of labs specifically designed around the needs of medical device researchers, healthcare IT professionals and hospital clinical engineering leaders. By the end of 2017, MDISS WHISTL facilities will open in New York, Indiana, Tennessee and California as well as in the United Kingdom, Israel, Finland and Singapore.

Benjamin G. Esslinger, CBET manager/clinical engineer at Eskenazi Health, said, “Working with MDISS over the past year on WHISTL has helped us make real progress against some very complex risk scenarios, while keeping the focus on patient safety.” Esslinger is the current 2017 Trustee and past president of the Indiana Biomedical Society. He works with Matthew S. Dimino, an imaging engineer at Eskenazi Health and educator at Indiana University - Purdue University Indianapolis.

Esslinger continued, “Remember, medical devices are still on the frontier of cybersecurity, and security best practices for devices are still maturing. Our new WHISTL facility enables us to run medical devices through tougher, more realistic test regimes. Hidden vulnerabilities surface more quickly, and that helps us build more responsive standard operating procedures.”

WHISTL facilities focus on identifying and mitigating medical device vulnerabilities, sharing solutions and best practices, and device security education and awareness. Newly uncovered vulnerabilities will be responsibly reported to device manufacturers and to the NHISAC-MDISS Medical Device Vulnerability Program for Evaluation and Response (MDVIPER) at mdviper.org

“WHISTL will provide much-needed insight from actual developers and users of medical devices, which will result in increased relevant and actionable information sharing and situational awareness for all stakeholders in healthcare”, said Denise Anderson, president of NH-ISAC. “NH-ISAC looks forward to partnering with MDISS on this important effort for the community.”

MDISS, under a $1.8M contract from the Department of Homeland Security (Science and Technology Directorate, Cyber Security Division) built the medical device cyber risk assessment platform (MDRAP). The platform helps health systems, device manufacturers and technology firms collaborate to produce and share device risk assessments. The fast-growing and standards-based MDRAP platform features moderated crowdsourcing and facilitates timely, responsible sharing of risk assessments and threat indicators, while helping automate critical device inventory, audit, oversight and vulnerability tracking tasks for hospitals.

Dale Nordenberg, M.D., executive director of MDISS, and former CIO at the Centers for Disease Control’s National Center for Infectious Diseases, stated, “MDISS WHISTL facilities will dramatically improve access to device security know-how while protecting patient privacy and stakeholder intellectual property. Solid cyber-lab governance will support an international-scale network of research and training centers of excellence, designed especially for medical device designers, hospital IT and clinical engineering professionals.”

WHISTL’s device testing protocols will have their foundation in the UL Cybersecurity Assurance Program (UL CAP) specifications, especially with regards to fuzz testing, static binary analysis and structured penetration testing.

For more information: www.mdiss.org

Related Content

AI Metrics, LLC, a medical imaging startup focused on augmented intelligence to improve patient care, announced today that the U.S. Food and Drug Administration (FDA) has granted 510(k) clearance for the company’s flagship image analysis platform.
News | Artificial Intelligence | January 18, 2021
January 18, 2021 — AI Metrics, LLC, a medical imaging startup focused on augmented intelligence to improve patient ca
The U.S. Food and Drug Administration released the agency's first Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD) Action Plan. This action plan describes a multi-pronged approach to advance the Agency's oversight of AI/ML-based medical software.
News | Artificial Intelligence | January 12, 2021
January 12, 2021 — The U.S.
OptumInsight and Change Healthcare combine to advance a more modern, information and technology-enabled healthcare platform

Getty Images

News | Information Technology | January 06, 2021
January 6, 2020 — Optum, a diversified health services company and
#coronavirus #COVID19 #pandemic

Getty Images

News | Radiology Imaging | January 01, 2021
The Imaging Technology News (ITN) team wishes you a Happy and Healthy New Year!
Company delivers on last year’s roadmap milestones and continues to advance cloud-native suite of tools to lead industry to the future of enterprise imaging
News | Enterprise Imaging | December 23, 2020
December 23, 2020 — ...
 EvoHealth, a trailblazer in incorporating new technology in healthcare IT software, announced it has exceeded its first milestone of more than 100 customers with over 200 locations.
News | Information Technology | December 22, 2020
December 22, 2020 — EvoHealth, a trailblazer in incorporating n
The key trends Clinicians reviewing a COVID-19 patient's lung CT that reveals the severity of COVID-caused pneumonia. The impact of COVID on radiology was a major, over arching trend at  the 2020 Radiological Society of North America (RSNA) meeting. Getty Imagesbserved at 2020 Radiological Society of North America (RSNA) meeting all focused around COVID-19 (SARS-CoV-2) and the impact it has had on radiology. #RSNA #RSNA20 #RSNA2020

Clinicians reviewing a COVID-19 patient's lung CT that reveals the severity of COVID-caused pneumonia. The impact of COVID on radiology was a major, over arching trend at  the 2020 Radiological Society of North America (RSNA) meeting. Getty Images

Feature | RSNA | December 17, 2020 | By Melinda Taschetta-Millane and Dave Fornell
Intelerad Acquires Digisonics CVIS and OB?GYN reporting systems to Expand its Enterprise Imaging Workflow
News | Enterprise Imaging | December 16, 2020
December 16, 2020 - Intelerad Medical Systems, a provider of...
Published in Nature Communications, ReceptorNet is a breakthrough deep-learning algorithm that can determine hormone-receptor status - a crucial biomarker for clinicians when deciding on the appropriate treatment path for breast cancer treatment
News | Artificial Intelligence | December 14, 2020
December 14, 2020 — Imagine being a doctor and having a precocious resident permanently by your side, giving you bril