HSCC issues guidance for updated cybersecurity model contract language for health care organizations, medical device manufacturers

Nov 18, 2025 - 03:09 PM
young patient touching machine

The Health Sector Coordinating Council’s Cybersecurity Working Group Nov. 18 released a best practices guide for health care organizations and medical device manufacturers that includes an updated cybersecurity model contract regarding the security, compliance, management, operation and services of medical technology in clinical settings. The guidance highlights security terms and conditions for storing, transferring or accessing a health care organization’s information. It also recommends that all network access, medical products, services and solutions satisfy the organization’s compliance requirements. 

“Medical device cybersecurity is a shared responsibility between health care delivery organizations and MDMs,” said John Riggi, AHA national advisor for cybersecurity and risk. “It is extremely important for hospitals and health systems to work with MDMs to set realistic, contractual cybersecurity requirements that will help mitigate cyber risks that may originate from insecure medical devices and technologies. Resiliency and redundancy requirements should also be added to help ensure uninterrupted, safe and quality care delivery during a cyberattack. This guide is an excellent resource for hospitals and health systems to develop and enhance medical device contract language and ensure the medical devices and technology we purchase are secure by design and demand.”

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

 

Related News Articles

Headline
AHA blog: Can collaborative efforts to improve device design improve safety?
Despite elegant efforts to design for safe use, rigorous standards and regulatory requirements, and lots of training of health care professionals, there’s…
Headline
White House announces tariffs on steel and aluminum imports
The Trump administration yesterday announced it issued executive orders authorizing 25% tariffs on all steel and aluminum imports. Importantly, both steel and…
Headline
FDA warns of potential to miss notifications on smartphone-compatible diabetes devices
The Food and Drug Administration Feb. 5 released an alert notifying patients of a safety concern using diabetes devices such as continuous glucose monitors,…
Headline
HHS says impacts to medical products should be limited as strike at U.S. ports begins
The Department of Health and Human Services Sept. 30 released a statement on the dockworker strike at ports along the East and Gulf coasts, saying that…
Headline
FDA clarifies definition of 'remanufacturing' for medical devices needing maintenance
The Food and Drug Administration May 9 released final guidance clarifying the definition of “remanufacturing” for reusable medical devices needing…
Headline
GAO recommends FDA, CISA update medical device security documentation based on AHA input
The Government Accountability Office Dec. 21 recommended the Food and Drug Administration and Cybersecurity and Infrastructure and Security Agency update a 5-…