DataBreachToday.com reported that “commonly negotiated issues between healthcare delivery organizations and medical device vendors often involve expectations regarding notification of and patches for newly identified software security vulnerabilities, and those timelines.”  The April 18, 2022 article entitled “Medical Devices: Negotiating Cybersecurity Contract Terms” included these comments from Jim Jacobson (principal cybersecurity officer at Siemens Healthineers):

There are many healthcare delivery organizations today that require some contracting language or some agreement for cybersecurity before or after the purchase of a medical device…

What tends to happen is a long negotiation process where the healthcare delivery organization proposes language to the medical device manufacturer to lay out their expectations.

Lawyers get involved and it becomes a very lengthy process,…

What we’re trying to do with this model contract language is to jump-start that process – to provide materials ‘out of the box’ for the beginnings of those negotiations … and to make this easier to do.

Very good advice!

Leave a Reply

Your email address will not be published. Required fields are marked *