Senators Introduce Bill Strengthening Medical Device Cybersecurity Guidance

Sens. Jacky Rosen and Todd Young are introducing a piece of legislation that would require the Food and Drug Administration to more frequently update guidance on medical device security.

Under the bill, the FDA must work with the Cybersecurity and Infrastructure Security Agency to issue guidance for industry and FDA staff about medical device cybersecurity every two years. The piece of legislation also tasks the Government Accountability Office with creating a report that looks into medical device cybersecurity challenges.

According to Rosen, the bill is designed to protect devices against rapidly increasing cyber threats and ultimately protect patients and health care systems, CyberScoop reported.

The FDA has issued over a dozen alerts on serious vulnerabilities since 2015, some of which could have resulted in fatalities. In 2019, the agency warned against an issue with Medtronic’s insulin pump that could allow hackers to change the device’s settings.

During an April hearing with the Senate Committee on Health, Education, Labor and Pensions, Jeffrey Shuren, the director of the FDA Center for Devices and Radiological Health, said additional funding and authorities would help the agency ensure that medical devices are safe.

The FDA issued a draft of guidelines for medical devices and health care facility frameworks in April. Under the draft, devices should come with a software bill of materials and a labeling system that would outline potential risks.

Both requirements are part of President Joe Biden’s 2021 federal cybersecurity executive order.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Federal Civilian

Join Us Now