PATCH Act seeks to shore up security for medical devices, IoT networks

The bipartisan bill would put in place baseline cybersecurity requirements for device manufacturers applying for FDA approval and require plans to monitor and address post-market vulnerabilities.
By Mike Miliard
02:28 PM

Photo: Martin Barraud/Getty Images

The new Protecting and Transforming Cyber Health Care Act would implement a series of new requirements for medical device and network security.

WHY IT MATTERS
The bipartisan bill was introduced in the Senate this week by Sens. Tammy Baldwin, D-Wisconsin, and Dr. Bill Cassidy, R-Louisiana. There is already companion legislation in the House of Representatives sponsored by Reps. Dr. Michael C. Burgess, R-Texas, and Angie Craig, D-Minnesota.

The aim is to "help ensure that the U.S. healthcare system’s cyber infrastructure remains safe and secure" even as ransomware and other cyberattacks have increased in scope and severity in recent years.

The PATCH Act would:

  • Impose a series of cybersecurity requirements for manufacturers applying for premarket approval through the Food and Drug Administration
  • Enable manufacturers to design, develop and maintain processes and procedures to update and patch the device and related systems throughout device lifecycles
  • Establish a Software Bill of Materials for devices that will be provided to users
  • Require development of plans to monitor, identify and address postmarket cybersecurity vulnerabilities
  • Request a Coordinated Vulnerability Disclosure to demonstrate safety and effectiveness of a device
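
Two of the items above, the Software Bill of Materials and the postmarket vulnerability plan, fit together in practice: the SBOM is what lets a hospital (or the manufacturer) decide whether a newly published advisory actually applies to the firmware running on a given device. The following is an added example, not code from the bill, the FDA or any manufacturer, showing that triage step. The SBOM is a minimal CycloneDX-style JSON document constructed for this example, and the advisory entries are hypothetical placeholders with made-up identifiers, not real CVEs; the version-comparison rule (numeric fields compared numerically, OpenSSL-style letter suffixes compared lexically) is an assumption chosen for the constructed data.

```python
"""Added example: consuming a device SBOM to triage postmarket vulnerability advisories.

Constructed data only: the SBOM below is a hand-written CycloneDX-style document for a
hypothetical device firmware image, and the advisories are placeholders, not real CVEs.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed CycloneDX-style SBOM (hypothetical "pump-firmware" build).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"name": "pump-firmware", "version": "3.2.1"}},
  "components": [
    {"type": "library", "name": "openssl", "version": "1.1.1k", "purl": "pkg:generic/openssl@1.1.1k"},
    {"type": "library", "name": "zlib",    "version": "1.2.11", "purl": "pkg:generic/zlib@1.2.11"},
    {"type": "library", "name": "lwip",    "version": "2.1.3",  "purl": "pkg:generic/lwip@2.1.3"}
  ]
}
"""

# Constructed advisory feed: component name plus the first fixed version.
# The identifiers are placeholders invented for this example.
ADVISORIES: List[dict] = [
    {"id": "ADV-EXAMPLE-0001", "component": "openssl", "fixed_in": "1.1.1l", "severity": "high"},
    {"id": "ADV-EXAMPLE-0002", "component": "zlib",    "fixed_in": "1.2.12", "severity": "medium"},
    {"id": "ADV-EXAMPLE-0003", "component": "lwip",    "fixed_in": "2.1.0",  "severity": "high"},
]


def version_key(version: str) -> Tuple:
    """Split a version string into comparable tokens.

    Numeric runs compare as integers; alphabetic runs (e.g. the 'k' in OpenSSL's
    '1.1.1k') compare as strings. Each token is tagged so an int is never compared
    with a str. A missing trailing letter sorts before any letter ('1.1.1' < '1.1.1a').
    """
    tokens = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(t)) if t.isdigit() else (1, t) for t in tokens)


def is_affected(installed: str, fixed_in: str) -> bool:
    """True when the installed version predates the first fixed version."""
    return version_key(installed) < version_key(fixed_in)


def load_components(sbom_json: str) -> Dict[str, str]:
    """Return {component name: version} from a CycloneDX-style SBOM document."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format: %r" % sbom.get("bomFormat"))
    return {c["name"]: c["version"] for c in sbom.get("components", [])}


def triage(sbom_json: str, advisories: List[dict]) -> List[dict]:
    """Match an advisory feed against the SBOM and return the advisories that apply."""
    components = load_components(sbom_json)
    findings = []
    for adv in advisories:
        installed = components.get(adv["component"])
        if installed is None:
            continue  # component is not in this build, so the advisory does not apply
        if is_affected(installed, adv["fixed_in"]):
            findings.append({
                "id": adv["id"],
                "component": adv["component"],
                "installed": installed,
                "fixed_in": adv["fixed_in"],
                "severity": adv["severity"],
            })
    return findings


if __name__ == "__main__":
    for f in triage(SBOM_JSON, ADVISORIES):
        print("%s %s: installed %s, fixed in %s (%s)"
              % (f["id"], f["component"], f["installed"], f["fixed_in"], f["severity"]))
```

On the constructed data this reports the openssl and zlib advisories and correctly drops the lwip one, whose fix predates the shipped version. The check that the SBOM names a component at all is the point of the bill's SBOM requirement: without that inventory, every advisory for a common library has to be treated as potentially applicable to every device.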

"In recent years, we’ve seen a significant increase in cyber-attacks that have exposed vulnerabilities in our health care infrastructure," said Baldwin, in a statement. "We must take these lessons learned to better protect patients."

She added: "The bipartisan PATCH Act [ensures] that innovative medical technologies are better protected from cyber threats, and keep personal health information safe while also finding new ways to improve care."

THE LARGER TREND
As was discussed in-depth this past month at HIMSS22, hospital security efforts are "not just about privacy and confidentiality anymore. Cybersecurity is patient safety."

In few areas is that truer than with networked medical devices and the internet of things.

With ransomware attacks now commonplace, risks of Russian and other state-sponsored threats on the rise and remote patient monitoring newly in cyberattackers' sights, it's more critical than ever to keep patients safe by ensuring devices are built and deployed with strong security baked in.

Beyond federal policy, however, hospitals and health systems themselves have an important role to play in device security.

ON THE RECORD
"New medical technologies have incredible potential to improve health and quality of life," said Cassidy of the Senate Bill. "If Americans cannot rely on their personal information being protected, this potential will never be met."

"Throughout the pandemic, there was a spike in ransomware attacks within medical devices and larger networks," added Burgess, about the House's companion bill. "This legislation will implement cybersecurity protocols and procedures for manufacturers applying for premarket approval through the Food and Drug Administration to ensure that users are properly equipped to deal with foreign or domestic ransomware attacks. It is time to examine how to modernize and protect our health care infrastructure."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com

Healthcare IT News is a HIMSS publication.
