USAMMA Signs Agreement for New Medical Device Cybersecurity Pre-assessment Process

CT Scanner training

The U.S. Army Medical Materiel Agency entered into a Cooperative Research and Development Agreement with DeltaStrac™ LLC in January 2016 to start a new cybersecurity pre-assessment process for medical devices, including computed tomography (CT) scanners, which need to need to connect to hospital networks to operate properly. The pre-assessment process will help ensure medical devices are designed to be compliant with cybersecurity standards. USAMMA believes working with industry partners early to achieve cybersecurity requirements will significantly shorten the time from acquisition to actual use. (Photo of training involving CT Scanner taken by William Wight, Pacific Regional Medical Command)

The U.S. Army Medical Materiel Agency (USAMMA) entered into a Cooperative Research and Development Agreement (CRADA) with DeltaStrac™ LLC in January 2016, to start a new cybersecurity pre-assessment process for medical device vendors hoping to do business with the Army.

Many modern medical devices, such as computed tomography (CT) scanners, heart rate monitors and medical infusion pumps, need to connect to hospital networks to operate properly. In an effort to ensure medical devices purchased by the government do not introduce security vulnerabilities, each device must pass a robust security certification process.

Participation in a cybersecurity pre-assessment does not guarantee that the Army will purchase a device; however, the new agreement allows DeltaStrac™ LLC to work directly with industry partners to help them understand cybersecurity requirements, so they can engineer medical devices to meet the cybersecurity standards.

USAMMA Clinical Technologies Product Manager Jimmy Bisenieks said cybersecurity pre-assessments are intended to improve the overall acquisition process.

"This new business practice is designed to save time and money," said Bisenieks, citing that USAMMA will not provide any federal funds to DeltraStrac™ LLC or industry partners, as part of the agreement.

Bisenieks explained that, previously, system-specific cybersecurity testing typically began after the contract award, which created significant hurdles for both the government and the vendor. The process conflicted with industry best standards because device manufacturers often had to address security issues post-engineering, resulting in a "bolted on" fix rather than a "baked in" solution. USAMMA believes working with industry partners early to achieve cybersecurity requirements will significantly shorten the time from acquisition to actual use.

"We believe this is a win-win for both the Army and private industry," Bisenieks said.

Vendors who are interested in finding out more about the cybersecurity pre-assessment process should submit their queries to the U.S. Army Medical Research and Materiel Command's New Products and Ideas (NPI) web portal: http://mrmc-npi.amedd.army.mil/

USAMMA is the procurement authority for the Super Capital Expense Equipment Program (superCEEP) and the Medical Case Support Equipment (MEDCASE), which are Army-funded programs that validate all high dollar medical device requirements through Army Medicine. USAMMA is a subordinate agency of the U.S. Army Medical Research and Materiel Command, which is the Army's main medical materiel developer. USAMMA's mission is to develop, tailor, deliver, and sustain medical materiel capabilities and data in order to build and enable health readiness.

Back to top

 

Last Modified Date: 25-Feb-2016