Interoperability, Medical Device and HPH SCC

This information is marked TLP White; Subject to standard copyright laws. TLP: White information may be distributed without restriction.


Welcome back to Hacking Healthcare!

Hot Links –

  1. Securing interoperability – ONC goes “hackathon” in their approach to secure technology development to support interoperability. The office will host a two-part competition to encourage the development of secure servers and APIs to support integration of the FHIR standard. One novel approach – they’re also awarding prizes to security researchers who find flaws in the FHIR submissions. Here’s hoping that this sort of initiative starts to bring the security community into closer contact with EHR developers.


  2. All aboard the medical device train – Another bill from Congress – this one from the House – is seeking to legislate security of medical devices. This bill would require FDA and NIST to form a working group to study and report on the various security frameworks and underlying security standards that are relevant to medical devices. If this were to be conferenced and combined with the Senate bill introduced in August, the result would be a comprehensive shift in how the government regulates the security of medical devices. The Senate bill looked to increase transparency through disclosure of security methods by manufacturers, as well as requiring continued free manufacturer support of devices.


  3. Coordinating Council appoints Greg Garcia as Executive Director – Greg has been around the block in this space – previously leading the financial services coordinating council. This is a good get for the sector and a signal that leadership is serious about the cyber threat. As Terry Rice (Merck CISO) says – “the healthcare sector is at an inflection point…” We’ll look to sit down with Greg in coming weeks and report back on his priorities to lead the sector forward.

*Any reproduction or reposting of this content requires proper credit/attribution to H-ISAC.

As a reminder, this is the public version of the Hacking Healthcare newsletter. For additional in-depth analysis and opinion on responding to a cyber breach, become a member of H-ISAC.