Health device security
Senators Introduce Bill to Improve Medical Device Cybersecurity
Senators Bill Cassidy and Tammy Baldwin have introduced a new piece of legislation that is designed to enhance medical device security at the premarket stage.
The Protecting and Transforming Cyber Health Care Act would amend the Federal Food, Drug, and Cosmetics Act to ensure that cybersecurity measures are included in any premarket submission for a cyber device of information. It would also enable the implementation of cybersecurity requirements for medical device manufacturers that are applying for premarket approval through the Food and Drug Administration.
The PATCH Act would also require manufacturers to design, develop and maintain updates and patches throughout the lifecycle of their devices, HealthITSecurity reported.
The proposed legislation also requires the creation of a plan for addressing postmarket cybersecurity vulnerabilities and the provision of a software bill of materials for products and components. The creation of SBOMs allows officials to monitor vulnerabilities, manage license compliance and allow developers to understand dependencies across a product.
In a press release, Baldwin said the PATCH Act would ensure that medical technologies are safe from cyber threats and personal health information will not be prone to compromise. She added that the bill would also allow organizations to look for new ways to improve health care.
In recent years, researchers have discovered various security vulnerabilities in medical devices. Experts have been pointing out a need for industry standards and regulations to ensure that medical devices are secure to use.
Researchers also found that numerous medical devices operate on legacy devices, which makes them hard to patch. Legacy systems-based devices are also prone to hacking.
Representatives Michael Burgess and Angie Craig have introduced accompanying legislation in the House of Representatives for the PATCH Act.
Category: Cybersecurity
Tags: Angie Craig Bill Cassidy cybersecurity Food and Drug Administration HealthITSecurity medical device security Michael Burgess Protecting and Transforming Cyber Health Care Act Tammy Baldwin
