Sens. Jacky Rosen, D-N.V., and Todd Young, R-Ind., have introduced legislation aimed at strengthening the cybersecurity of medical devices, and requiring the U.S. Food and Drug Administration (FDA) to review and update its medical device cybersecurity guidelines.
The Strengthening Cybersecurity for Medical Devices Act would require FDA to consult with the Cybersecurity and Infrastructure Security Agency (CISA) to “review guidance for industry and FDA staff regarding medical device cybersecurity and make updates as appropriate at least every two years.”
“In light of increased cyber threats, we must strengthen the security of our health care system’s cyber infrastructure,” said Sen. Rosen in a press release. “This bipartisan bill I introduced with Senator Young will ensure that medical devices and technologies are up to date with the latest cybersecurity, protecting patients and health care systems.”
The bill also would require FDA to share information publicly regarding Federal resources for health care professionals, medical device manufacturers, and health systems for identifying cyber vulnerabilities and access support.
Lastly, the legislation would require the Government Accountability Office to report on examining medical device cybersecurity vulnerabilities and make recommendations for improving Federal coordination to support cyber for medical devices.
“Medical devices are increasingly connected to the Internet or other health care facility networks to provide features that improve the ability of health care providers to treat patients,” said Sen. Young. “Our bill helps ensure medical devices are protected from cyberattacks and used safely and securely in order to reduce risks and vulnerabilities for patients.”