
Testing Medical Connectable Devices to Cybersecurity Standards Fact Sheet
The integration of advanced information technologies in medical devices has transformed the healthcare industry, resulting in dramatic improvements in the efficiency and effectiveness of healthcare and related services. But this integration has fostered the emergence of a new set of challenges for patients, healthcare providers and device developers and manufacturers. Today, the healthcare industry is a significant target for hackers and cybercriminals, whose attacks can compromise private and confidential healthcare data and place the safety and health of patients at risk.
UL Solutions offers guidance to manufacturers of medical devices and health and wellness products to help them navigate complex regulatory environments and meet critical patient needs. This is especially important for medical device cybersecurity because rapid innovation and regulatory changes are happening simultaneously. UL Solutions’ suite of cybersecurity services is designed to help healthcare organizations manage their cybersecurity risks and validate their cybersecurity capabilities in the marketplace.
The Healthcare and Public Health Sector Coordinating Council (HSCC) cybersecurity working group, with U.S. Food and Drug Administration (FDA) participation, developed the Medical Device and Health IT Joint Security Plan version 2 (JSP2), a total product life cycle reference guide.
The JSP2 is developed with the active participation of stakeholders from across the healthcare ecosystem. This includes representatives from both the public and private sectors, such as medical device manufacturers, healthcare IT vendors, healthcare providers and federal agencies. Contributors include regulators and industry groups, like the FDA, and other medical device manufacturers.
The principles outlined in the JSP2 are reflected in UL Solutions’ Medical Cybersecurity Assurance Program (CAP), which includes:
These principles and concepts align the JSP2, an industry best practices document, with the requirements of ANSI/UL 2900-2-1, the Standard for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare and Wellness Systems. This standard is an FDA-recognized consensus standard and has been adopted as a referenced consensus standard under several global regulatory schemes.
The JSP2 integrates "secure-by-design" and "secure-by-default" principles throughout the total product life cycle of medical devices. By aligning these cybersecurity principles with key life cycle phases (as listed below), manufacturers can confirm that security is embedded at every stage.
Healthtech cybersecurity breaches are on the rise. Hackers and cybercriminals compromise confidential data and infiltrate medical devices. UL Solutions offers a full suite of services for medical device cybersecurity.
We will help you address your cybersecurity, data privacy and interoperability risks. Our services include:
Personnel competency training
Market access/regulatory support
Knowledge and guidance support
Laboratory services
Our testing and certification services apply to, but are not limited to, the following types of connectable devices:
UL Solutions has extensive expertise in cybersecurity, with a global network of IoT and operational technology (OT) security laboratories, and security experts and advisors with specialized expertise in global security standards, frameworks and best practices for the healthcare ecosystem. We help healthcare organizations to: