US Senator introduces new bill for cybersecurity of medical devices

The US Senator Richard Blumenthal has introduced the Medical Device Cybersecurity Act bill to protect confidential medical information of patients.

Intended to protect against hackers, the bill provides cybersecurity protections for medical devices.

The move follows ransomware attacks and large-scale privacy breaches that occurred recently, demonstrating the vulnerability of certain medical devices and in turn the associated patient records and health.

Researchers are reported to have found more than 1,400 vulnerabilities in a single medical device, raising concern for devices that contain patient information and might affect their treatment.

Senator Blumenthal said: “My bill will strengthen the entire healthcare network against the ubiquitous threat of cyber attacks.

"My bill will strengthen the entire healthcare network against the ubiquitous threat of cyber attacks."

“Without this legislation, insecure and easily exploitable medical devices will continue to put Americans’ health and confidential personal information at risk.”

The new Medical Device Cybersecurity Act of 2017 is intended to create a cyber report card for devices and requires mandatory testing before commercialisation to enhance transparency of medical device security.

In addition to strengthening remote access protections for medical devices both inside and outside the hospital environment, the bill will deliver guidance and recommendations such as secure disposal and recycling instructions for end-of-life devices.

Under the new act, important fixes and updates for cybersecurity will remain free and will not require recertification from the US Food and Drug Administration (FDA).

The responsibilities of the DHS Computer Emergency Readiness Team (ICS-CERT) will be extended to the cybersecurity of medical devices.