cybersecurity   task force underway

Early in 2016, The Department of Health and Human Services (HHS) formed a healthcare industry Cybersecurity Task Force with the intent to examine best practices for keeping connected medical devices safe and secure.


Task Force members were selected based on recommendations from a panel of subject matter experts from Health and Human Services (HHS), Department of Homeland Security (DHS), and National Institute of Standards and Technology (NIST). The following criteria were used in selecting Task Force members1:


  • Service in a position of influence in an organization that is representative of a component of the broad healthcare and public health sector
  • Experience in dealing with technical, administrative, management, and/or legal aspects of health information security
  • Knowledge of major health information security policies, best practices, organizations, and trends
  • Ability to participate actively in Task Force meetings and contribute to Task Force products
Product Security
See our global policy addressing the evolving nature of security in medical technology.
Philips is one of only two medical device manufacturers to be invited to participate and is represented on the team by Michael C. McNeil, Global Product Security & Services Officer, Royal Philips.
Michael McNeil

“Over the next year, these individuals will collectively look across industries and sectors to find the best ways organizations of all types are keeping data and connected medical devices safe and secure. They’ll discuss these ideas among themselves and, in the next year, they’ll report their findings to Congress and the public. They’ll also develop materials to share widely, ensuring every organization that plays a part in our health care system can protect the data that is part of this system2.” –HHS Acting Deputy Secretary, Mary K. Wakefield, Ph.D., RN


Like this article? Share it.

Best practice: Responsible Disclosure Policy


‘Responsible disclosure’ is a computer security term describing a vulnerability disclosure model3. Recognizing this need as part of our product security policy, Philips became one of only two major medical device manufacturers to design and implement a Responsible Disclosure Policy. Our policy has been singled out as a ‘best practice’ by industry stakeholders. Following the guidelines detailed in the Responsible Disclosure Policy, there is a certain timeline for us to respond to suspected vulnerabilities. Confirmed vulnerabilities result in a direct report into government agencies such as DHS (ICS-CERT program) and are then communicated through the press to the public.

Related topics

Five ways to improve Cybersecurity

5 ways to improve healthcare cybersecurity


Connected care is fast becoming the foundation for a healthier society. Yet sophisticated, persistent cyberattacks threaten to compromise this effort. You can help prevent such threats with these 5 actions.