The U.S. House of Representatives has passed the Internet of Medical Things Resilience Partnership Act, aiming to put in place a public-private stakeholder partnership.
This partnership will be charged with developing a cybersecurity framework that can be implemented by medical device manufacturers and other stakeholders to stop data breaches and make medical devices more secure from cyberattacks.
The variety of medical devices now being utilized in healthcare is wide and the number is only likely to increase. As more devices are introduced, the risk to patients grows. These technological devices are currently used in hospitals, worn by patients, fitted surgically, or used at home. The modern devices include drug infusion pumps, ventilators, radiological technologies, pacemakers, and monitors.
If proper safeguards are not developed for the devices, they will be vulnerable to attack. Those attacks could be carried out to gain access to the data stored or recorded by the devices, to use the devices to target attacks on healthcare networks, or to alter the function of the devices to harm patients. What is certain is that if no action is taken, the devices will be attacked and healthcare groups and patients are likely to be harmed.
The Internet of Medical Things Resilience Partnership Act was proposed by Representatives Dave Trott (D-MI) and Susan Brooks (R-IN) last week. Rep. Brooks stated, “It is essential to provide a framework for companies and consumers to follow so we can ensure that the medical devices countless Americans rely on and systems that keep track of our health data are protected.”
“In our nation’s hospitals, technology has helped provide better quality and more efficient health care, but the perpetual evolution of technology – its greatest strength – is also its greatest vulnerability,” outlined Rep. Trott.
The bill proposed the working group should be headed by the U.S. Food and Drug Administration (FDA), and should include representatives from the National Institute of Standards and Technology (NIST), the HHS’ Office of the National Coordinator for Health Information Technology (ONC), the Cybersecurity and Communications Reliability Division of the Federal Communications Commission (FCC), and the National Cyber Security Alliance (NCSA).
Additionally, at least three representatives of each of the following groups should also join the working group: health care suppliers, health insurance providers, medical device makers, cloud computing, wireless network providers, health information technology, web-based mobile application developers and hardware and software developers.
The group will be charged with formulating a cybersecurity framework for medical devices based on current cybersecurity frameworks, guidance, and best practices. The working group should also spot high priority gaps for which new or revised standards are required and develop an action plan to ensure those gaps are tackled.
The working group will be asked to complete its report no later than 18 months from the passing of the Internet of Medical Things Resilience Partnership Act.