BACKGROUND
The Medical Device Protection Program (MDPP) Leadership Working Group was established in July 2014 with responsibility to conduct a comprehensive review and assessment of the MDPP to include the existing policies and standard operating procedures. The Inspector General (IG) cited the VA for deficiencies in the MDPP, such as weak network segmentation, as part of the Federal Information Security Modernization Act (FISMA) Material Weakness. Additionally, the VA was unable to, and does not effectively scan and identify all medical devices and other systems (specifically SPS) connected to VA’s network in order to mitigate security risks posed by these devices.
MEDFUSION HISTORY
The dedicated ‘ACL vs. Firewall’ project team was created in 2016, composed of representatives from HISD-FSS, OI&T SDE and HTM (Health Technology Management ) The group’s first task was to survey existing network isolation technologies in order to determine current availability and suitability for the task of medical device and special purpose system network isolation.
In October 2016 the ‘ACL vs. Firewall’ team activity was placed on standby pending restructuring by management. In February 2017 the effort was reconstituted and reprogrammed as the MedFusion project. A new team was created comprised of the majority of the original HISD, OI&T and HTM representatives, plus additional contract and management support staff. The task given to the new MedFusion project team was to complete the investigation and suitability evaluation of available alternative methods of network device isolation and to provide recommendations to VA leadership as to the appropriate way forward.
Today, the MedFusion team includes members from Information Assurance/Cyber Strategy, Network Security Operations Center (NSOC), Network Field Operations, LAN Team, IT Operations and Services, Enterprise Network Engineering, Wireless Engineering, Long Beach Local IT, BioMedical Engineering, HISD ISOs, Enterprise Cybersecurity Architecture.