FRANKLIN LAKES, N.J.,
Dec. 11, 2017 /PRNewswire/ -- BD
(Becton, Dickinson and Company) (NYSE: BDX), a leading global
medical technology company, today announced it has established a
Product Security Partnership Program that emphasizes collaboration
across the health care industry to enhance cybersecurity of medical
technology and devices.
The new program has three primary components:
- Participation with government agencies, industry associations
and security researchers and their efforts to enhance cybersecurity
in health care;
- Collaborating with UL to use the ANSI UL 2900 cybersecurity
standard and participate in the UL Cybersecurity Cooperative
Research and Development Agreement; and
- A cybersecurity vendor certification program where BD verifies
third-party security technologies that are compatible with its
products and perform as indicated.
"Intelligent and connected medical technologies have transformed
how health care providers diagnose and treat patients," said
Rob Suarez, director of Product
Security for BD. "As cyber attacks become more sophisticated and
attempt to find vulnerabilities through an interconnected health
system, medical technology companies, health care providers and
government agencies need to collaborate even more to protect
patients."
As part of its participation with government agencies, BD is
participating in the National Institute of Standards and Technology
(NIST) Secure Wireless Infusion Pump Program and created a white
paper for secure design and architecture. The company also
contributed to the Health Care Industry Cybersecurity Task Force to
produce recommendations on how to improve cybersecurity across the
health care industry. For any potential vulnerabilities in BD
products, the company has made a strong commitment to coordinate
vulnerability disclosure through the U.S. Food and Drug
Administration (FDA), and National Health Information Sharing and
Analysis Center (NH-ISAC). This commitment also extends
to the Department of Homeland Security National
Cybersecurity and Communications Integration Center (NCCIC), which
acts through the Industrial Control Systems Cyber Emergency
Response Team (ICS-CERT) to provide expertise on control
systems-related security incidents and mitigations.
BD is using ANSI UL 2900 as part of its design and development
process to minimize risks and help reduce exploitation, address
known malware, enhance security controls and expand security
awareness. UL has longstanding expertise in safety science,
standards development, testing and certification and worked with
industry to develop UL 2900 to help manufacturers address
cybersecurity vulnerabilities. BD has also volunteered to
participate in the UL Cybersecurity Cooperative Research and
Development Agreement (CRADA), a program established to help
improve the nation's cybersecurity. The CRADA project will support
improvement in patient safety and security through the use and
verification of UL's Cybersecurity Assurance Program (CAP).
For third-party cybersecurity products to receive certification,
BD employs a rigorous evaluation of the technology to ensure it is
compatible with BD products and performs as indicated. The
certifications specify which BD products were tested and passed the
evaluation so biomedical technicians will have reassurance that the
third-party software is compatible with the specified BD product
and does not interfere with the operation of the device. In some
situations, BD is taking a unique approach with security technology
companies by tailoring their solutions to the specific needs of BD
products in a health care setting.
Inaugural members of the cybersecurity technology certification
program include Attivo Networks and Cylance. BD has verified for
certain BD products that the BOTsink Solution from Attivo Networks
provides an effective method for distributed deception and decoy
solution for early threat detection, and
CylancePROTECT®, uses next-generation machine learning
and artificial intelligence to provide a powerful next-generation
anti-malware technology.
"Connecting medical device makers and security researchers is
increasingly important to preserve patient safety and trust in the
public health system, and fortunately it is also increasingly
common, as demonstrated by BD with this move," said Beau Woods, founding member of I Am The Cavalry,
and Cyber Safety Innovation Fellow with the Atlantic Council. "We
applaud this effort and encourage more device makers and security
researchers to work closely together, alongside others in the
ecosystem, to make us safer, sooner, together."
BD's approach to product security is a three-prong strategy that
considers security measures during design, in use and through
partnership with health care providers, government and the product
security industry. The company is dedicated to transparency and
open communication surrounding potential threats to its products
and implementing mitigating controls when necessary. BD's product
security framework targets to improve security throughout the
product lifecycle. For more information about BD's product security
efforts, visit http://www.bd.com/ProductSecurity. Future
collaborators for product-related privacy or security initiatives
are encouraged to contact BD at product.security@bd.com.
About BD
BD is a global medical technology company that is advancing
the world of health by improving medical discovery, diagnostics
and the delivery of care. BD leads in patient and health care
worker safety and the technologies that enable medical research and
clinical laboratories. The company provides innovative solutions
that help advance medical research and genomics, enhance the
diagnosis of infectious disease and cancer, improve medication
management, promote infection prevention, equip surgical and
interventional procedures, and support the management of diabetes.
The company partners with organizations around the world to address
some of the most challenging global health issues. BD has nearly
50,000 associates across 50 countries who work in close
collaboration with customers and partners to help enhance outcomes,
lower health care delivery costs, increase efficiencies, improve
health care safety and expand access to health. For more
information on BD, please visit bd.com.
Contacts:
|
|
Troy
Kirkpatrick
|
Monique N.
Dolecki
|
BD Public
Relations
|
BD Investor
Relations
|
858.617.2361
|
201.847.5378
|
troy.kirkpatrick@bd.com
|
Monique_Dolecki@bd.com
|
View original content with
multimedia:http://www.prnewswire.com/news-releases/bd-establishes-product-security-partnership-program-to-enhance-cybersecurity-of-medical-technology-300569398.html
SOURCE BD (Becton, Dickinson and Company)