June 30, 2022

Legislation to improve medical device cybersecurity introduced, supported by AHA

By: Tarsilla Moura

Editor's Note

On Friday, June 24, the American Hospital Association (AHA) voiced support for the Protecting and Transforming Cyber Health Care Act (PATCH Act)—legislation that would “require medical device manufacturers to meet certain cybersecurity requirements when seeking approval for devices that are internet connected or include software” in order to improve security, AHA June 27 reports.

Vulnerabilities are often identified in medical devices given the challenges associated with patching them. According to the 2021 OR Manager article titled “Patient safety and the ‘Internet of Medical Things (IoMT),’” 60% of medical devices are at end-of-life, meaning there are no patches or upgrades available for them. The Windows 10 end-of-life is 2025; in other words, tech support for devices running with this operating system will become obsolete in just 3 years. According to the HIPPA Journal April 5 article titled “The Protecting and Transforming Cyber Health Care (PATCH) Act Introduced to Improve Medical Device Cybersecurity,” hackers may “change the functionality of the devices, render them inoperable,” or use them “as a springboard for more extensive attacks on healthcare networks.”

The PATCH Act, introduced by US Senators Bill Cassidy (R-LA) and Tammy Baldwin (D-WI), “would require medical device manufacturers to monitor and identify post-market vulnerabilities in a timely manner, develop a plan for coordinated vulnerability disclosure, and provide lifetime cybersecurity support of the device,” noted AHA. If the proposed bill passed, before a medical device can be approved for use by the Food and Drug Administration, manufacturers would need to “design, develop, and maintain processes and procedures to update and patch the devices and related systems throughout the lifecycle of the device” and “ensure that critical cybersecurity requirements have been implemented,” the HIPPA Journal explained.

According to the HIPPA Journal, a companion bill was introduced by Representatives Michael C. Burgess (R-TX) and Angie Craig (D-MN) in the House of Representatives.


Live chat by BoldChat