Bipartisan Legislation Introduced to Strengthen Cybersecurity for Medical Devices

A bipartisan billThe Strengthening Cybersecurity for Medical Devices Act – has been introduced which calls for the U.S. Food and Drug Administration (FDA) to review and update its guidelines on medical device cybersecurity more frequently to ensure devices are protected from potential hacking and cyberattacks.

The bill, introduced by Sen. Jacky Rosen (D-NV) and co-sponsored by Sen Todd Young (R-IN), calls for the Secretary of the Department of Health and Human Services (HHS), in consultation with the Director of the Cybersecurity and Infrastructure Security Agency (CISA), to provide updated guidance on medical device cybersecurity to FDA every year, and for the FDA to issue updated guidelines and suggestions on medical device cybersecurity at least every two years. The frequency of updates needs to be improved to ensure the guidelines remain current, especially considering the fast-evolving threat landscape and the extent to which the healthcare industry is being targeted by cyber threat actors.

“Medical devices are increasingly connected to the Internet or other health care facility networks to provide features that improve the ability of health care providers to treat patients,” said Sen. Young. “Our bill helps ensure medical devices are protected from cyberattacks and used safely and securely in order to reduce risks and vulnerabilities for patients.”

The bill also calls for the FDA to share information publicly about federal resources for healthcare professionals, medical device manufacturers, and health systems that will help them identify and address vulnerabilities and to ensure they can access appropriate support. The Strengthening Cybersecurity for Medical Devices Act also requires the Government Accountability Office (GAO) to compile a report on cybersecurity vulnerabilities affecting medical devices and to make recommendations for improving federal coordination to support cybersecurity for medical devices.

“In light of increased cyber threats, we must strengthen the security of our health care system’s cyber infrastructure,” said Senator Rosen. “This bipartisan bill I introduced with Senator Young will ensure that medical devices and technologies are up to date with the latest cybersecurity, protecting patients and health care systems.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.