A collaborative movement between the medical device and security researcher communities.
At future events – like @Defcon – we encourage manufacturers to increase engagement with the cyber research community through device demos and our #wehearthackers event. This demonstrates a company’s commitment to cyber principles: Trustworthiness. Transparency. Resilience.
— FDA Commissioner, Scott Gottlieb, M.D. (@SGottliebMD) January 29, 2019
The US Food and Drug Administration, the non-profit Biohacking Village, and I Am The Cavalry call on medical device and clinical system manufacturers to improve the cybersecurity of global healthcare by committing to:
>> Collaborate with cybersecurity researchers, acting in good faith, who report potential vulnerabilities,
>> Officially attend the Biohacking Village: Device Lab at DEF CON
>> Provide medical devices for testing
>> Assess, disclose, and mitigate potential cybersecurity vulnerabilities identified, and
>> Invite your peers to do the same.
#WeHeartHackers connects independent security researchers with industry, to collaborate, assess, and address potential issues that could cause harm to human life, public safety, and public trust.
Developed by industry and the security research community with support from federal government partners, the #WeHeartHackers initiative acts as a public private partnership that accelerates security maturity across and within critical infrastructure sectors.
In 2019, #WeHeartHackers saw 10 medical device makers pledge high-trust collaboration with the security researcher community. These industry partners provided security researchers with more than 30 medical devices, learning adversary tactics and improved security approaches. Among other output, research from this event contributed to FDA and DHS communications about critical infrastructure, coordinated first with the affected companies.
The #WeHeartHackers initiative is expanding to other sectors in 2020 with the help of DHS, sector specific agencies, such as the FDA, industry partners and other security researcher-led non-profit organizations to galvanize support from critical infrastructure manufacturers. We welcome those who support good faith cybersecurity research to ensure we are safer, sooner, together.