Two US senators have proposed a new bill to Congress that seeks to have the Food and Drug Administration (FDA) issue cybersecurity guidelines for medical device security more regularly, according to media reports.
The legislation, first reported by CyberScoop, comes from Senators Jacky Rosen and Todd Young. It also requires the FDA to share information about vulnerable medical devices on its website more frequently.
“In light of increased cyber threats, we must strengthen the security of our healthcare system’s cyber infrastructure,” Rosen was quoted as saying.
“This bipartisan bill I introduced with Senator Young will ensure that medical devices and technologies are up to date with the latest cybersecurity, protecting patients and health care systems,” Rosen added.
If the bill is passed in Congress, the FDA will have to work with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to issue binding guidance for industry and FDA staff regarding medical device cybersecurity no less than every two years, the report said.
The bill comes a few weeks after cybersecurity expert Joshua Corman testified before a Senate committee on the vulnerabilities of medical devices to cyberattacks, and a few months after FDA leaders asked Congress in April to dedicate more funding and authority to the agency around device cybersecurity, The Verge reported.
“I am more concerned about the cybersecurity of US healthcare than I ever have been,” Corman said in his written testimony.
He noted that the FDA issued the first alert about a specific device in 2015. The attention paid to the issue over the past year, as cyberattacks increased in severity and frequency, is helping to drive changes forward.
But as attacks continue and organisations have few resources to stop them, it will take much more work to shore up protections.
For years, experts have warned that medical devices that can be connected to the Internet, from drug infusion pumps to hospital beds, pose a threat because they are major targets for hackers.
They have been flagging the healthcare industry’s unpreparedness to deal with such a threat, which puts both patient data and patient health in danger.