The Protecting and Transforming Cyber Health Care (PATCH) Act Unveiled to Boost Medical Device Cybersecurity

Two bipartisan senators have presented the Protecting and Transforming Cyber Health Care (PATCH) Act which seeks to increase the security of medical devices.

Vulnerabilities are usually discovered in medical devices that can likely be taken advantage of by threat actors to alter the operation of the devices, render them unuseable, or utilize the devices as a channel for more extensive attacks on healthcare sites. During the pandemic, there was a surge of cyberattacks on healthcare institutions, and medical devices, and the systems to which they hook up were affected by ransomware attacks. These attacks have hurt hospitals, patients, and the medical device sector.

U.S. Senators Tammy Baldwin (D-WI) and Bill Cassidy, M.D. (R-LA) unveiled the PATCH Act to make certain that the cyberinfrastructure of the U.S. healthcare system remains safe and secure. The PATCH Act will make changes to the Federal Food, Drug, and Cosmetic Act to necessitate all premarket submissions for medical equipment to consist of specifics of the cybersecurity protections that were applied.

If passed, the Food and Drug Administration (FDA) can only approve a medical device for use after the manufacturers ensure that critical cybersecurity requisites were integrated. The PATCH Act furthermore necessitates makers of medical devices to design, build, and retain processes and procedures to update and patch the products and connected systems during the lifecycle of the product. A Software Bill of Materials for each device needs to additionally be made available to end consumers which will make it simpler to find vulnerabilities that impact the devices, which include vulnerabilities in open source pieces and dependencies.

The Patch Act likewise necessitates medical device companies to have a plan for supervising, identifying, and handling post-market cybersecurity problems, and a Coordinated Vulnerability Disclosure will be needed to prove the safety and efficiency of a device.

New medical technologies offer the outstanding potential to boost the health and quality of life, mentioned Dr. Cassidy. If Americans could not count on the protection of their personal data, this potential would not be realized.

With the PATCH Act, revolutionary medical technologies are better shielded from cyber threats and personal health information is safe while finding new ways to better care as well.

Reps. Michael C. Burgess (R-TX) and Angie Craig (D-MN) introduced a companion bill in the House of Representatives.