The House Energy and Commerce Committee sent a letter to HHS Acting Secretary Eric Hargan asking the agency to better ensure the cybersecurity of medical devices by improving supply chains at a time when cyberattacks in the healthcare sector are becoming more complex and targeted.
In the letter Committee Chairman Rep. Greg Walden, R-Ore., requests HHS begin requiring device makers to list "bills of materials" to account for third-party software components used in their products. This is a popular practice among device advocacy groups to increase transparency and is a key recommendation of the Health Care Industry Cybersecurity Task Force established by HHS in 2016.
"Stakeholders do not know, and often have no way of knowing, exactly what software or hardware exist within the technologies on which they rely to provide vital medical care," the letter reads. "This lack of visibility directly affects the ability of these stakeholders to assess their levels of risk and adjust their strategies appropriately."
The committee asks HHS to develop a plan and work with medical device stakeholders to form guidelines that encourage bills of materials by Dec. 15.