Main Menu

Shepherd signs MOU with Department of Veterans Affairs for cybersecurity research related to medical devices

ISSUED: 7 January 2020
MEDIA CONTACT: Valerie Owens

SHEPHERDSTOWN, WV — Shepherd University’s Center for Regional Innovation, Shepherdstown-based KRM Associates, Inc., and the Medical Device “Plug-and-Play” Interoperability and Cybersecurity Lab at Massachusetts General Hospital in Cambridge, Massachusetts, have signed memoranda of understanding (MOUs) with the U.S. Department of Veterans Affairs to support advanced and emerging medical device and cybersecurity research and knowledge sharing.

The VA is collaborating with the three private-sector organizations in order to refine existing and emerging cybersecurity standards and practices for network-connectable medical devices, medical device data systems, and related health technology. These activities have potentially broad health sector impact, including, but not limited to, the care of veterans within the VA health system, as well as non-veterans in other health administration environments, VA and Underwriters Laboratories (UL) advancements across the lifecycle of medical device procurement and acquisition, and other federal initiatives with cybersecurity components.

Dr. Mary J.C. Hendrix, president of Shepherd University, commented, “This collaborative opportunity offers unique and significant educational and professional services that will advance the mission of the University and address an emerging issue of our time.”

The Massachusetts General Hospital Plug-and-Play Lab supports the advancement of research, discovery, knowledge sharing, and education in the medical device interoperability and cybersecurity domains. Under the VA agreement, the Plug-and-Play labs will share pre-competitive domain knowledge, subject matter expertise, research protocols and findings, with the further ability to leverage the UL 2900 Medical Device Cybersecurity Criteria, and the sharing of the medical device Plug-and-Play capital infrastructure resources.

KRM Associates and Shepherd’s Center for Regional Innovation will operate a federated lab to support medical device and Internet of Things (IoT) security assessment and validation at Shepherd University in Shepherdstown, West Virginia. The initial focus of the Shepherd lab will be to test medical and IoT devices to certify security, based on Underwriters Laboratories certification criteria and other criteria established or identified by the VA as they relate to the VA environment. Testing at Shepherd will be done in collaboration with the standards organizations and UL, and the Shepherd lab will be tasked with expanding and adapting the criteria to the VA environment and the devices pertinent to the VA. Another focus of the Shepherd initiative is providing an avenue for real-world experience and educational research opportunities for students interested in pursuing an emphasis in cybersecurity, especially with regard to IoT devices being used in medical settings, whether at-home or clinical care, thereby establishing a robust experiential environment for future security professionals.

Increasingly, veterans and their health care providers are relying on different medical devices that are connected to systems and to the Web. These devices now provide wide-ranging connectivity, which can both leverage innovative ways for managing health care and unfortunately can possibly result in ways of accessing or compromising network infrastructure that require management and mitigation. Now, with these MOUs, both labs are making plans for discovering and sharing solutions that are important to the security and safety of veterans. Overall, Massachusetts General Hospital and Shepherd labs will work in collaboration with VA, serving as objective knowledge bases, learning centers for healthcare delivery and medical device manufacturers, and innovators of cybersecurity solutions that will enhance the trust and safety of medical devices throughout their lifecycle.

Initiating VA UL mobile devices and cybersecurity projects with the federated labs will accelerate sharing of medical device cybersecurity information, standards, and lifecycle requirements. The labs will endeavor to create a veteran-centric safety certification framework that ensures trustworthiness. By participating in this collaboration, the VA is contributing to industry-wide situational awareness of both medical device vulnerabilities and threats, while applying further tests of the UL criteria and other emerging standards for evaluating medical device cybersecurity risks. The labs, by applying data-driven cybersecurity criteria to the discovery and testing of advanced techniques with medical devices, will coordinate with a broader group of stakeholders such as other hospitals, device manufacturers, educational communities, and patients to address a wide range of use scenarios and security which includes cooperative leadership while fostering a culture of security.

“We believe that as the Internet of Things expands, security is becoming a critical factor in evaluating wireless machines and equipment. The activities undertaken through this center provide a way to assure secure integration of the equipment into the IoT,” said Dr. Ben Martz, director of Shepherd’s Center for Regional Innovation and dean of Shepherd’s College of Business. “This initiative at Shepherd creates an avenue for establishing a source of highly skilled cybersecurity professionals ready to step into the myriad openings in organizations, both federal government and non-governmental, which are actively looking for assistance in the ever-escalating battle against malware, hackers, and other threats to the integrity, security, and availability of sensitive data. This brings yet another high value technical resource to the State of West Virginia, as it seeks to expand and diversify its future economy into the high-tech realm and improve prospects for its residents.”

— 30 —