Two healthcare IT industry groups—CHIME and AEHIS—have voiced their support for a bill that would aim to make the cybersecurity capabilities of medical devices more transparent to providers, and which would clarify expectations concerning security enhancements and maintenance of medical devices.
The legislation, (S.1656), the Medical Device Cybersecurity Act of 2017, was introduced by Senator Richard Blumenthal (D-CT) last week. The bill also establishes a cybersecurity emergency response team.
The Department of Health and Human Services’ (HHS) Health Care Industry Cybersecurity Task Force report, delivered to Congress in June, highlighted the critical state of the healthcare industry’s cybersecurity posture. Among many other issues, the report offered a number of suggestions to improve medical device cybersecurity, some of which have been included in the Medical Device Cybersecurity Act of 2017.
Drilling down, the Medical Device Cybersecurity Act of 2017 seeks to improve medical device security with actions such as:
• Increasing transparency of medical device security by creating a cyber report card for devices and mandating testing prior to sale
• Bolstering remote access protections for medical devices in and outside of the hospital
• Ensuring crucial cybersecurity fixes or updates remain free and do not require FDA recertification
Recent statements by Liz Johnson, CHIME (the College of Healthcare Information Management Executives) board chair and CIO of Acute Care Hospitals and Applied Clinical Informatics at Tenet Healthcare and Deborah Stevens, AEHIS (the Association for Executives in Healthcare Information Security) board chair and chief security officer at Tufts Health Plan showed support for the legislation.
“CHIME members continue to identify cybersecurity as their top priority. The potential risks that networked medical devices pose to patients have been of great concern for our membership,” said Johnson. “We appreciate Senator Blumenthal’s leadership and interest in this complicated issue as providers try to ensure that patients get the benefits that medical devices offer without exposing them to potential safety risks. CHIME is pleased to endorse this legislation. We look forward to continuing a dialogue with members of Congress, the administration and industry partners on this critical issue.”
Added Stevens, “The recent cyber attacks underscore the importance of this legislation. WannaCry and Petya shined a bright light on the vulnerabilities in the healthcare sector and more specifically with medical devices. On behalf of the AEHIS membership we applaud Senator Blumenthal for taking on this important issue.”
Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.