The bill (S.1656) would amend the Federal Food, Drug and Cosmetic Act to include cybersecurity protections for medical devices, since these products often contain sensitive patient health information.
To increase transparency in medical device security, the legislation proposes instituting a cyber report card for devices and mandating testing before the product goes to sale. The bill would also enhance remote access protections, ensure cybersecurity fixes remain free and provide guidance and recommendations for outdated devices.
The bill also seeks to expand the Department of Homeland Security U.S. Computer Emergency Readiness Team’s responsibilities to include the reporting of medical device vulnerabilities.
“The security of medical devices is in critical condition,” said Mr. Blumenthal. ” Without this legislation, insecure and easily-exploitable medical devices will continue to put Americans’ health and confidential personal information at risk.”
The College of Healthcare Information Management Executives and the Association for Executives in Healthcare Information Security have endorsed the bill.
More articles on health IT:
Tucson practice investigates unauthorized access to computer systems
Privacy advocacy group calls on FTC to investigate Google’s secretive tracking techniques
Modernizing Medicine expands in Florida, expects to create 800+ jobs
