January 25, 2023 – BD released its third annual cybersecurity report to update stakeholders about the company’s ongoing efforts to advance cybersecurity maturity, protect against cyberattacks and empower customers with information about cyber risks and vulnerabilities.
Through the BD 2022 Cybersecurity Annual Report, the company is increasing awareness of health care cybersecurity challenges and the company’s commitment to transparency and collaboration.
“In health care, cybersecurity is about protecting patient safety and privacy, while also securing systems and data,” said Rob Suárez, chief information security officer of BD. “Patients receive medical care at some of the most critical and vulnerable moments in their lives. They trust the safeguards put in place to protect them. Upholding strong cybersecurity measures and continuing to advance cybersecurity is part of honoring that trust.”
In the context of recent cybersecurity trends and developments, the report discusses:
- Transparency and communication – BD strives to help customers manage risk properly through awareness and guidance. The BD 2022 Cybersecurity Annual Report outlines the company’s mature coordinated vulnerability disclosure processes and how customers can access product security documentation, including certifications and attestations from Underwriters Laboratories Cybersecurity Assurance Program (UL CAP), System and Organization Controls (SOC2) and the International Standards Organization (ISO/IEC 27001:2022).
- Collaborative efforts to advance cybersecurity – Strengthening cybersecurity across the health care industry requires collaboration. The report highlights the work of multiple cybersecurity working groups and outlines the company’s contributions to advancing secure cybersecurity practices, including ethical hacking exercises, cybersecurity scenario trainings and preparing for greater software-bill-of-materials (SBOM) visibility.
- The state of health care cybersecurity – Ransomware, phishing and software supply chain attacks reinforce the need for strong proactive and preventive measures. The report details how the company strives to protect its products, manufacturing operational technology and enterprise IT from emerging risks and threats.