Patient receiving a brain scan in the hospital

Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook

By Melissa Chase , Steven Christey Coley , Julie Connolly , Ronnie Daldos , Margie Zuk

This playbook, newly revised in 2022, provides practical considerations to address medical device cybersecurity incidents. Featuring tools, techniques, and resources, the playbook helps HDOs and others prepare for and respond to a cybersecurity incident involving medical devices.

Download Resources

The "Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook" outlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.

The healthcare sector knows how to prepare for and respond to natural disasters. It is less prepared, however, to handle cybersecurity incidents, particularly those involving medical devices. The WannaCry ransomware attack in 2017 highlighted the need for more robust cybersecurity preparedness to execute an enhanced, effective, real-time response that enables continuity of clinical operations. In response, FDA asked MITRE to develop the first version of the playbook, which was published in 2018. With the recent growth in ransomware attacks, increasing connectivity of medical devices, and emerging healthcare technologies, FDA asked MITRE to update the playbook.

The playbook outlines how hospitals and other HDOs can develop a cybersecurity preparedness and response framework. It supplements existing HDO emergency management and/or incident response capabilities with regional preparedness and response recommendations for medical device cybersecurity incidents. The revised version includes more explicit alignment with the Hospital Incident Command System for managing complex incidents, considerations for the widespread impacts and extended downtimes that are common during cyber incidents, and an appendix of resources.

As part of the playbook update, a Quick Start Companion Guide was developed to orient new playbook users and help all users quickly identify the key parts of the playbook to turn to during a cyber incident.