Earlier this month, Sen. Richard Blumenthal (D-Conn.) introduced into the Senate the “Medical Device Cybersecurity Act of 2017”—a bill, Blumenthal says, that would amend the Federal Food, Drug, and Cosmetic Act to provide cybersecurity protections for medical devices. One of the key provisions in the bill is the creation of a so-called “report card,” which “will indicate the cybersecurity functions of cyber devices,” according to the bill.
In a statement, Blumenthal addressed the importance of the bill, commenting: “The security of medical devices is in critical condition. My bill will strengthen the entire healthcare network against the ubiquitous threat of cyberattacks. Without this legislation, insecure and easily exploitable medical devices will continue to put Americans’ health and confidential personal information at risk.”
The introduction of this bill comes on the heels of the Medical Device Innovation, Safety and Security Consortium’s (MDISS’) launch of the first of more than a dozen planned security testing labs for medical devices. The new MDISS World Health Information Security Testing Lab (WHISTL) will focus on vetting complex multi-vendor, multi-device critical-care environments, such as hospital intensive care units and emergency rooms.
Further, the WHISTL facilities will comprise a federated network of medical device security testing labs, independently owned and operated by MDISS-member organizations including healthcare delivery organizations, medical device manufacturers, universities and technology companies. Each WHISTL facility will launch and operate under a shared set of standard operating procedures.
The goal, MDISS officials say, is to help organizations work together to more effectively address the public health challenges arising from cybersecurity issues emergent in complex, multi-vendor networks of medical devices.