Security standard for EBMD launched in Dubai

Sajjad Ahmad, Staff reporter

Dubai Electronic Security Center (DESC) in association with Dubai Health Authority (DHA) on Thursday announced the launch of Security Standard for Electronic Biomedical Devices (EBMD) across the emirate.

This move, affecting healthcare facilities and medical device manufacturers and suppliers operating within Dubai, is geared at limiting breaches within the healthcare sector and protecting sensitive patient information. Adherence to this standard will ensure a minimal risk framework, as well as fortify the sector’s digital infrastructure against the recent rise in cyber-attacks on healthcare institutions around the world.

The launch was inaugurated during a press conference held on Thursday in Jumeirah Emirates Towers Hotel, and was attended by Amer Sharaf, Director of Compliance, Support and Alliances at Dubai Electronic Security Center; Dr Bushra Al Blooshi, Director of Research and Innovation at Dubai Electronic Security Center; Dr Amani Al Jasmi, Director of IT at DHA and Eng. Nasser Al-Bloushi, Chief Information Security Officer from Dubai Health Authority.

“DESC is proud to continue its cooperative efforts with DHA in its ongoing success of digitization initiatives in the healthcare sector to constantly develop and further enhance policies and standards to safeguard sensitive patient information and all electronic biomedical devices being used in Dubai,” said Yousuf Al Shaibani, Director General at Dubai Electronic Security Center.

As per the new guidelines, EBMD offered within Dubai will now be categorised into four major classes based on the nature of the device. Devices falling under Class I and Class II will have to meet general security standards, while specialised devices falling under Class III will have to meet specific standards based on risk assessment. Highly sensitive devices falling under Class IV will have to adhere to a much stricter set of standards.

Dr Al Jasmi underlined the authority’s commitment to developing and building a strong health system, capable of facing the challenges imposed by technology and the rapid accelerated technological advancements in the medical sector, which has increased the responsibility of health institutions to protect itself from hacking and unwarranted access to patient data.

In turn, Eng. Nasser Al Bloushi, Chief Information Security Officer of Dubai Health Authority, said that the new specification for the security of medical equipment is a proactive step for the rapid technological development in the world, which has imposed new challenges that require the safe operation of these devices and minimizing potential risks to patients. Al Bloushi also explained that the medical equipment devices were classified according to their importance to patients, and the extent of their direct and indirect impact on the patient and the medical staff and the development of many controls for each type of these devices.

“DHA’s comprehensive medical expertise and thorough understanding of BMDs was crucial to formulating the distinct guidelines for each device class,” noted Dr. Bushra Al Blooshi, Research and Innovation Manager at DESC. “DHA will be responsible for the implementation of these standards, as well as ensuring that healthcare facilities and medical devices operate in accordance with their class guidelines.”

The new EBMD Security Standard is largely rooted in the IoT Security Standard also developed by DESC. Worldwide standards were also consulted while developing these regulations including the Australian Regulatory Guidelines for Medical Devices, the European Union Medical Devices Guidance Document, Medicines Regulations of New Zealand and regulations followed in the US and Canada.

“The development of the EBMD Security Standard is part of the initiative to make Dubai’s cyber space more secure, and also aligns with the National Innovation Strategy aimed at positioning the UAE as global leaders in innovation.” commented Amer Sharaf, Director, Compliance, Support and Alliances at DESC.

Dubai Electronic Security Center (DESC) was founded in 2014. Pursuant to Law No. 11 and with the aim to develop and implement information security practices, it has been setting good-practice criteria for cyber security across the Emirate. DESC’s strategic plan includes initiatives to combat threats, cyber-attacks, and cyber-crime.