Two U.S. senators introduced a bipartisan bill called the Strengthening Cybersecurity for Medical Devices Act, which would require the U.S. FDA to review and update medical device cybersecurity guidelines and suggestions to ensure devices are protected from possible hacking and cyberattacks.

The bill, which was introduced by U.S. Senators Todd Young (R-Ind.) and Jacky Rosen (D-Nev.), would require the FDA, in consultation with the Cybersecurity and Infrastructure Security Agency (CISA), to review guidance for industry and FDA staff regarding medical device cybersecurity and make updates as appropriate at least every two years. This provision would ensure a timelier review to keep the guidance current.

“Medical devices are increasingly connected to the Internet or other health care facility networks to provide features that improve the ability of health care providers to treat patients,” says Senator Young. “Our bill helps ensure medical devices are protected from cyberattacks and used safely and securely in order to reduce risks and vulnerabilities for patients.”

If passed, the act would also require the U.S. FDA to share information publicly regarding federal resources for healthcare professionals, medical device manufacturers, and health systems to identify and address cyber vulnerabilities, and access support. 

“In light of increased cyber threats, we must strengthen the security of our health care system’s cyber infrastructure,” says Senator Rosen“This bipartisan bill I introduced with Senator Young will ensure that medical devices and technologies are up to date with the latest cybersecurity, protecting patients and health care systems.” 

Additionally, the bill requires a GAO report examining medical device cybersecurity vulnerabilities and recommendations for improving federal coordination to support cybersecurity for medical devices.