In Australia, cyber security threat information sharing and monitoring can be facilitated through CERT Australia (operated under the Joint Cyber Security Centres as part of the ACSC) and AusCERT (not-for-profit organisation under the University of Queensland). Internationally, the US based ICS-CERT provides regular updates concerning known medical device threats.
Effective threat intelligence sharing for medical device developers, manufacturers, sponsors and users should consider the following aspects:
- software, hardware and protocol vulnerabilities
- exploits, methods or tools which are developed to take advantage of one or more vulnerabilities
- risk associated with the existing vulnerabilities, exploits and threats
- incidents where known or unknown exploits are used to realise the threat
- recovery or mitigation strategies
Medical device users
Users of medical devices are encouraged to monitor cyber security threats and participate in cyber security intelligence and threat sharing as appropriate, using the above modes.
For example, the Trusted Information Sharing Network (TISN) for Critical Infrastructure Resilience includes a Health Sector Group, which may be relevant for large scale service providers. TISN facilitates information sharing between members of the group on issues relating to critical infrastructure in the health sector, appropriate measures and strategies to mitigate risk and improve organisational resilience. TISN have published a number of documents that are relevant to cyber security threat sharing.