The new Protecting and Transforming Cyber Health Care Act implements a set of new requirements for medical device and network security.
Important reason
The bipartisan bill was introduced in the Senate this week by Senator Tammy Baldwin of D-Wisconsin and Dr. Bill Cassidy of R-Louisiana. The House of Representatives, sponsored by Republican Rep. Michael C. Burgess and Republican Rep. Angie Craig, already has ancillary bills.
The goal is to “help secure the cyber infrastructure of the US healthcare system,” even as the scope and severity of ransomware and other cyber attacks have increased in recent years.
The patch method is as follows.
- Imposing a set of cybersecurity requirements on manufacturers applying for premarket approval through the Food and Drug Administration
- Allows manufacturers to design, develop, and maintain processes and procedures to update and patch devices and related systems throughout the device life cycle.
- Create a software bill of materials for the device provided to the user
- Require planning to monitor, identify, and address post-marketing cybersecurity vulnerabilities
- Require coordinated vulnerability disclosure to demonstrate device safety and effectiveness
“In recent years, there has been a significant increase in cyberattacks that expose vulnerabilities in healthcare infrastructure,” Baldwin said in a statement. “We must take these lessons learned to better protect our patients.”
She added: “Bipartisan patch law [ensures] Innovative medical technologies are better protected from cyber threats and can also find new ways to improve care while keeping personal health information safe. “
Big trend
As discussed in detail at HIMSS22 last month, hospital security efforts are “no longer just privacy and confidentiality. Cybersecurity is patient safety.”
In some areas, it’s more true than the networked medical devices and the Internet of Things.
With ransomware attacks becoming more common, increasing threats sponsored by Russia and other nations, and new remote patient monitoring in the sight of cyber attackers, devices with strong security built-in. Keeping patients safe is more important than ever by ensuring the construction and deployment of.
However, beyond federal policy, hospitals and the medical system itself play an important role in device security.
On record
“New medical technologies have incredible potential for improving health and quality of life,” said Senate Bill Cassidy. “If Americans can’t rely on the protection of their personal information, this possibility will never be met.”
“Through the pandemic, ransomware attacks have surged in medical devices and large networks,” Burgess added about the house companion bill. “The law implements cybersecurity protocols and procedures for manufacturers applying for premarket approval through the Food and Drug Administration, ensuring that users are properly prepared to respond to foreign or domestic ransomware attacks. Make sure. It’s time to consider how to modernize and protect healthcare. Infrastructure. “
twitter: @MikeMiliardHITN
Send an email to the writer: mike.miliard@himssmedia.com
HealthcareIT News is a publication of HIMSS.
