U.S. House of Representatives Approves Internet of Medical Things Resilience Partnership Act

by | Oct 13, 2017

The U.S. House of Representatives has paased the Internet of Medical Things Resilience Partnership Act, aiming to put in place a public-private stakeholder partnership.

This partnership will be charged with developing a cybersecurity framework that can be implemented by medical device manufacturers and other stakeholders to stop data breaches and make medical devices more secure from cyberattacks.

The variety of medical devices now being utilized in healthcare is wide and the number is only likely to increase. As more devices are introduced, the risk to patients grows. These technological devices are currently used in hospitals, worn by patients, fitted surgically, or used at home. The modern devices include drug infusion pumps, ventilators, radiological technologies, pacemakers, and monitors.

If proper safeguards are not developed for the devices, they will be vulnerable to attack. Those attacks could be carried out to gain access to the data stored or recorded by the devices, to use the devices to target attacks on healthcare networks, or to alter the function of the devices to cause patients damage. What is certain is that if no action is taken, the devices will be attacked and healthcare groupss and patients are likely to be harmed.

The Internet of Medical Things Resilience Partnership Act was proposed by Representatives Dave Trott (D-MI) and Susan Brooks (R-IN) last week. Rep Brooks stated, “It is essential to provide a framework for companies and consumers to follow so we can ensure that the medical devices countless Americans rely on and systems that keep track of our health data are protected.”

“In our nation’s hospitals, technology has helped provide better quality and more efficient health care, but the perpetual evolution of technology – its greatest strength – is also its greatest vulnerability,” outlined Rep. Trott.

The bill proposed the working group should be headed by the U.S. Food and Drug Administration (FDA), and should include representatives from the National Institute of Standards and Technology (NIST), the HHS’ Office of the National Coordinator for Health Information Technology (ONC), the Cybersecurity and Communications Reliability Division of the Federal Communications Commission (FCC), and the National Cyber Security Alliance (NCSA).

Additionally, at least three representatives of each of the following groups should also join the working group: health care suppliers, health insurance providers, medical device makers, cloud computing, wireless network providers, health information technology, web-based mobile application developers and hardware and software developers.

The group will be charged with formulating a cybersecurity framework for medical devices based on current cybersecurity frameworks, guidance, and best practices. The working group should also spot high priority gaps for which new or revised standards are required and develop an action plan to ensure those gaps are tackled.

The working group will be asked to complete its report no later than 18 months from the passing of the Internet of Medical Things Resilience Partnership Act.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy