TRIMEDX Senior Vice President of Cybersecurity Scott Trevino recently shared his thoughts on the 2024 industry landscape with Medtech Insight. Trevino was featured in two pieces highlighting expert perspectives on priorities & regulatory topics and ESG in 2024. You can read his answers, as they appeared Jan. 12, 2024, below.
ESG In 2024: Stakeholder Views From ‘Strategic Imperative’ To ‘Largely A Nonsense’
2024 stands to be another big year for environmental, social and governance (ESG).
The European Union is on track to implement ESG reporting mandates this year, the US Securities & Exchange Commission is poised to require climate-related disclosures following rulemaking proposed in 2022, and California will begin requiring environmental impact reporting from businesses in 2026 under legislation enacted in 2023. (Also see "New US, EU Climate-Related Disclosure Requirements Will Have Ripple Effects Through Value Chains" - Medtech Insight, 2 Jan, 2024.)
Medtech Insight and HBW Insight reached out to stakeholders with the question: Is ESG, as it stands today, moving industry forward or setting it back?
Scott Trevino: Cybersecurity and data privacy are key elements of any ESG framework. TRIMEDX has already taken the initiative to make ESG a priority, regardless of any future government requirements. TRIMEDX recently received recertification with the highly regarded International Organization for Standardization’s Information Management Security certification ISO/IEC 27001:2013. This verifies that TRIMEDX meets the latest information security industry standards and reaffirms our commitment to protecting providers’ and patients’ confidential data. Because this has long been a TRIMEDX priority, we are ready for whatever ESG rulemaking may arise in 2024, and we are ready to help our clients prepare for any upcoming changes.
FDA’s LDT Proposal, AI Oversight, Cybersecurity Top US Regulatory Interests In 2024
Medtech Insight reached out to attorneys, consultants, the US FDA and other stakeholders about leading US regulatory issues and opportunities in the new year.
Scott Trevino: One of the most pressing uncertainties, with the biggest impact, is simply the number of cyberattacks we’ll see throughout 2024. Over the past several years, the number of cyberattacks on healthcare organizations has increased significantly. Healthcare organizations saw an 86% spike in cyberattacks in 2022 from the year prior. At TRIMEDX, we will be watching to see if that trend continues, and we are prepared if it does so.
Additionally, we’ll be watching for any development or enforcement of meaningful measures to improve cybersecurity through regulation, legislation, and collaboration. Recently, the SEC charged SolarWinds and its chief information security officer (CISO) with fraud for misleading investors about the company’s cybersecurity practices and failing to disclose known risks during the time it was the target of a massive cyberattack. This could set a new precedent for the accountability expected and consequences for security professionals. Leaders must ensure rigorous cybersecurity practices are in place and followed with evidence. The industry is closely monitoring how the FDA will enforce its new cyber mandates for medical devices and if Congress will advance additional cybersecurity legislation. As the FDA has indicated to Congress, cybersecurity collaboration between groups that service medical equipment, original equipment manufacturers (OEMs), independent service organizations (ISO) and others that own & service equipment is highly encouraged in order to achieve the shared goal of improved patient care and patient safety. That could mean additional patches, more hardened medical devices, and more comprehensive medical device cybersecurity programs within health systems.