On Thursday, October 5, U.S. Representatives Susan Brooks (R-Ind.) and Dave Trott (R-Mich.) introduced into the House of Representatives the Internet of Medical Things Resilience Partnership Act, which creates a public-private stakeholder partnership to lay out a cybersecurity framework to protect Americans’ sensitive healthcare information from cyber-attacks.
What’s more, this partnership collects and centralizes all existing, relevant cybersecurity standards, guidelines, frameworks, and best practices—in addition to pinpointing actionable solutions. Plus, it provides Internet of Medical Things developers a framework to reference.
“There are millions of medical devices susceptible to cyber-attacks and often times, we are wearing these networked technologies or even have them imbedded in our bodies,” says Brooks. “Bad actors are not only looking to access sensitive information, but they are also trying to manipulate device functionality. This can lead to life-threatening cyber-attacks on devices ranging from monitors and infusion pumps, to ventilators and radiological technologies.”
“As the number of connected medical devices continue to grow, so does the urgency to establish guidelines for how to prevent these kinds of dangerous attacks,”she adds. “It is essential to provide a framework for companies and consumers to follow so we can ensure that the medical devices countless Americans rely on and systems that keep track of our health data are protected.”
Trott echoes Brooks’ statements, commenting: “In our nation’s hospitals, technology has helped provide better quality and more efficient health care, but the perpetual evolution of technology—its greatest strength—is also its greatest vulnerability. [So,] during National Health IT Week, Rep. Brooks and I introduced legislation that would develop a robust yet malleable framework to protect Americans’ most sensitive medical information.”
The tense here is a bit out of sync with reality. As noted the bill was introduced on October 5th. As such it hasn’t created anything yet, it merely seeks to create. It would have to pass the house, and then the senate, be subjected to conference if necessary, and then be signed by the President. The tense used here, largely quoted from the introducers, seems to be aimed at creating a sense of accomplishment when there has not been any. Govtrack.net, quoting Skopos Labs, gives this bill a 2% chance of passage.