FRANKLIN LAKES, N.J., Dec. 11, 2017 – BD (Becton, Dickinson and Company) (NYSE: BDX), a leading global medical technology company, today announced it has established a Product Security Partnership Program that emphasizes collaboration across the health care industry to enhance cybersecurity of medical technology and devices.
The new program has three primary components:
- Participation with government agencies, industry associations and security researchers and their efforts to enhance cybersecurity in health care;
- Collaborating with UL to use the ANSI UL 2900 cybersecurity standard and participate in the UL Cybersecurity Cooperative Research and Development Agreement; and
- A cybersecurity vendor certification program where BD verifies third-party security technologies that are compatible with its products and perform as indicated.
"Intelligent and connected medical technologies have transformed how health care providers diagnose and treat patients," said Rob Suarez, director of Product Security for BD. "As cyber attacks become more sophisticated and attempt to find vulnerabilities through an interconnected health system, medical technology companies, health care providers and government agencies need to collaborate even more to protect patients."
As part of its participation with government agencies, BD is participating in the National Institute of Standards and Technology (NIST) Secure Wireless Infusion Pump Program and created a white paper for secure design and architecture. The company also contributed to the Health Care Industry Cybersecurity Task Force to produce recommendations on how to improve cybersecurity across the health care industry. For any potential vulnerabilities in BD products, the company has made a strong commitment to coordinate vulnerability disclosure through the U.S. Food and Drug Administration (FDA), and National Health Information Sharing and Analysis Center (NH-ISAC).
This commitment also extends to the Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC), which acts through the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to provide expertise on control systems-related security incidents and mitigations.
BD is using ANSI UL 2900 as part of its design and development process to minimize risks and help reduce exploitation, address known malware, enhance security controls and expand security awareness. UL has longstanding expertise in safety science, standards development, testing and certification and worked with industry to develop UL 2900 to help manufacturers address cybersecurity vulnerabilities. BD has also volunteered to participate in the UL Cybersecurity Cooperative Research and Development Agreement (CRADA), a program established to help improve the nation's cybersecurity. The CRADA project will support improvement in patient safety and security through the use and verification of UL's Cybersecurity Assurance Program (CAP).
For third-party cybersecurity products to receive certification, BD employs a rigorous evaluation of the technology to ensure it is compatible with BD products and performs as indicated. The certifications specify which BD products were tested and passed the evaluation so biomedical technicians will have reassurance that the third-party software is compatible with the specified BD product and does not interfere with the operation of the device. In some situations, BD is taking a unique approach with security technology companies by tailoring their solutions to the specific needs of BD products in a health care setting.
Inaugural members of the cybersecurity technology certification program include Attivo Networks and Cylance. BD has verified for certain BD products that the BOTsink Solution from Attivo Networks provides an effective method for distributed deception and decoy solution for early threat detection, and CylancePROTECT®, uses next-generation machine learning and artificial intelligence to provide a powerful next-generation anti-malware technology.
"Connecting medical device makers and security researchers is increasingly important to preserve patient safety and trust in the public health system, and fortunately it is also increasingly common, as demonstrated by BD with this move," said Beau Woods, founding member of I Am The Cavalry, and Cyber Safety Innovation Fellow with the Atlantic Council. "We applaud this effort and encourage more device makers and security researchers to work closely together, alongside others in the ecosystem, to make us safer, sooner, together."
BD's approach to product security is a three-prong strategy that considers security measures during design, in use and through partnership with health care providers, government and the product security industry. The company is dedicated to transparency and open communication surrounding potential threats to its products and implementing mitigating controls when necessary. BD's product security framework targets to improve security throughout the product lifecycle. For more information about BD's product security efforts, visit www.bd.com/ProductSecurity. Future collaborators for product-related privacy or security initiatives are encouraged to contact BD at email@example.com.
BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. The company supports the heroes on the frontlines of health care by developing innovative technology, services and solutions that help advance both clinical therapy for patients and clinical process for health care providers. BD and its 65,000 employees have a passion and commitment to help enhance the safety and efficiency of clinicians' care delivery process, enable laboratory scientists to accurately detect disease and advance researchers' capabilities to develop the next generation of diagnostics and therapeutics. BD has a presence in virtually every country and partners with organizations around the world to address some of the most challenging global health issues. By working in close collaboration with customers, BD can help enhance outcomes, lower costs, increase efficiencies, improve safety and expand access to health care.
This press release contains certain estimates and other forward-looking statements (as defined under Federal securities laws) regarding potential future sales and product development. Forward looking statements may be identified by use of words such as “will”, “plan”, “believe”, “expect” or other words of similar meaning. All such statements are based upon the current expectations of BD and involve a number of business risks and uncertainties. Actual results could vary materially from anticipated results described, implied or projected in any forward-looking statement. A number of factors could cause actual results to vary materially, including, without limitation, difficulties inherent in product development, delays in product introductions and uncertainty of market acceptance of new products; competitive factors including technological advances and new products introduced by competitors; pricing and market pressures; potential cuts in governmental healthcare spending and measures to contain healthcare costs; adverse changes in regional, national or foreign economic conditions; product efficacy or safety concerns; fluctuations in costs and availability of materials and in BD's ability to maintain favorable supplier arrangements and relationships; new or changing laws and regulations impacting our business or changes in enforcement practices with respect to such laws; future healthcare reform; as well as other factors discussed in BD's filings with the Securities and Exchange Commission. We do not intend to update any forward-looking statements to reflect events or circumstances after the date hereof except as required by applicable laws or regulations.