New legislation from two Republican lawmakers looks to lay out a cybersecurity framework which protects sensitive healthcare information from cyber attacks.
U.S. Representatives Dave Trott (MI-11) and Susan Brooks (IN-05) introduced the Internet of Medical Things Resilience Partnership Act last week, with the aim to collect and centralize all existing, relevant cybersecurity standards, guidelines, frameworks, and best practices, identified the current high-priority gaps and problems, and pinpoints actionable solutions while providing a framework for IoMT (Internet of Medical Things) developers for which to reference.
In a statement, Rep. Brooks, said, “There are millions of medical devices susceptible to cyber attacks and often times, we are wearing these networked technologies or even have them imbedded in our bodies. Bad actors are not only looking to access sensitive information, but they are also trying to manipulate device functionality. This can lead to life-threatening cyber attacks on devices ranging from monitors and infusion pumps, to ventilators and radiological technologies.”
Brooks’ statement continued, “As the number of connected medical devices continue to grow, so does the urgency to establish guidelines for how to prevent these kinds of dangerous attacks. It is essential to provide a framework for companies and consumers to follow so we can ensure that the medical devices countless Americans rely on and systems that keep track of our health data are protected. I am proud to introduce a bill with my colleague Rep. Trott that brings together public and private sector counterparts to address potential vulnerabilities of medical technologies.”
Per the legislation, the Office of the national Coordinator for Health IT (ONC) would be part of a working group—established by the FDA (Food and Drug Administration) and NIST (National Institute of Standards and Technology)—that would develop recommendations for voluntary frameworks and guidelines to increase the security and resilience of networked medical devices sold in the U.S. that store, receive, access, or transmit information to an external recipient or system for which unauthorized access, modification, misuse, or denial of use may result in patient harm.
