Strengthening Cybersecurity for Medical Devices

U.S. senators have recently put forward the Strengthening Cybersecurity for Medical Devices Act, which would require the FDA to review and update medical device security guidelines on a more frequent basis. If passed, this bipartisan piece of legislation would task the agency with collaborating on industry guidance reviews with the Cybersecurity and Infrastructure Security Agency (CISA). Necessary updates would come every two years, and the two agencies would routinely explain possible cybersecurity improvements in medical device development and manufacturing.

The FDA and CISA would give guidance on identifying and addressing weaknesses in medical device security, and outline the improvement process for providers, manufacturers, and general health systems. The act also calls for explaining the steps for gaining needed support from CISA, HHS, and other government entities in this mission. To that end, the Government Accountability Office (GAO) would put together a formal report on the various obstacles these providers, health systems, and manufacturers would need to overcome to secure coordination on this effort from a score of related federal agencies.

“The thing that makes this Bill important is that it sets out requirements to update the guidance on a more frequent and regular basis, thereby recognizing the dynamic and changing nature of the threat, and it lays out responsibility for regularly updating information for improving cybersecurity of medical devices both before and after manufacturing, and, last but not least, a requirement for an independent GAO study identifying the challenges to securing medical devices,” said Mac McMillan, CEO and Founder of healthcare cybersecurity firm CynergisTek.