In August 2017, U.S. Senator Richard Blumenthal (D-CT) introduced a new bill to the Senate that would add requirements for medical device cybersecurity, including mandated testing and better remote access protections.
The Medical Device Cybersecurity Act of 2017 seeks to improve medical device security by:
- Increasing transparency of medical device security by creating a “cyber report card” for devices and mandating testing prior to sale;
- Bolstering remote access protections for medical devices both inside and outside the hospital;
- Ensuring that crucial cybersecurity fixes or updates remain free and do not require FDA recertification;
- Providing guidance and recommendations for end-of-life devices, including secure disposal and recycling instructions; and
- Expanding the DHS Computer Emergency Readiness Team (ICS-CERT) responsibilities to include the cybersecurity of medical devices.
“Without this legislation, insecure and easily exploitable medical devices will continue to put Americans’ health and confidential personal information at risk,” said Sen. Blumenthal in an announcement.
The bill is supported by the College of Healthcare Information Management Executives and the Association for Executives in Healthcare Information Security.