A bill to help protect medical devices from cyberattacks is under discussion. The bill “Strengthening Cybersecurity for Medical Devices Act” was introduced by Senators Todd Young (R-ID) https://www.young.senate.gov and Jacky Rosen (D-NV) https://www.rosen.senate.gov in June 2022.
The bill would require the FDA https://www.fda.gov to review and update medical device cybersecurity guidelines and suggestions and make updates as appropriate at least every two years. The bill also requires FDA to share information publicly regarding federal resources for healthcare professionals with medical device manufacturers, and health systems to identify and address cyber vulnerabilities.
In addition, the bill requires a GAO https://www.gao.gov report to examine medical device cybersecurity vulnerabilities and then make recommendations for improving federal coordination to support cybersecurity for medical devices.
Another action took place in June 2022 to protect against cyber-attacks. Stacey Hughes, EVP, of the American Hospital Association (AHA) https://www.aha.org on behalf of their nearly 5,000 member hospitals, health systems, other healthcare organizations, clinician partners, and the 43,000 healthcare leaders who belong to AHA’s professional membership groups, wrote a strong letter in support of the Protecting and Transforming Cyber Health Care (PATCH) Act (S.3983).
The letter suggests that manufacturers should be accountable for developing products with appropriate security controls, as well as update devices as cyber threats continue to evolve. AHA also encourages the inclusion of a provision to clarify that FDA approval of devices would not be jeopardized as manufacturers provide the updates.
In another move on July 1, 2022, MedSec https://www.medsec.com, a provider of medical device security has established a new Healthcare Technology Cyber Risk Management (HTCRM) team to expand their biomedical and clinical expertise.
MedSec takes a technology first approach at helping clients understand and prioritize what matters most as threats to their critical infrastructure continues to increase. Phil Englert, as MedSec’s Chief Product Officer and a HTCRM expert will be the Advisor to the new team. As Advisor, Phil Englert will continue to help MedSec develop security solutions for hospitals.