The hope is that this framework will be adopted by medical device manufacturers and other stakeholders to prevent data breaches and make medical devices more secure from cyberattacks.
The range of medical devices now being employed in the healthcare industry is considerable and the number is only likely to keep increasing. As more devices are developed, the risk of harm to patients grows. These devices are currently used in hospitals, worn by patients receving treatment, fitted surgically or used in the home. The devices include drug infusion pumps, ventilators, radiological equipment, pacemakers and monitors.
If appropriate safeguards are not loaded into the devices, they will be susceptible to attack. Those attacks could be carried out to access to the data stored or saved on the devices, to use the devices to initiate attacks on healthcare networks or to change the function of the devices to inflict harm on patients. If no measures are taken the devices are certain to be attacked and healthcare groups and patients are likely to be damaged.
The Internet of Medical Things Resilience Partnership Act was developed and formulated by Representatives Dave Trott (D-MI) and Susan Brooks (R-IN) last week. Rep Brooks stated, “It is essential to provide a framework for companies and consumers to follow so we can ensure that the medical devices countless Americans rely on and systems that keep track of our health data are protected.”
“In our nation’s hospitals, technology has helped provide better quality and more efficient health care, but the perpetual evolution of technology – its greatest strength – is also its greatest vulnerability,” outlined Rep. Trott.
The bill implies the working group should be managed by the U.S. Food and Drug Administration (FDA), and should count among it representatives from the National Institute of Standards and Technology (NIST), the HHS’ Office of the National Coordinator for Health Information Technology (ONC), the Cybersecurity and Communications Reliability Division of the Federal Communications Commission (FCC), and the National Cyber Security Alliance (NCSA).
Additionally at least three representatives of the following groups should also join the working group: health care providers, health insurers, medical device developers, cloud computing, wireless network providers, health information technology, web-based mobile application developers and hardware and software programmmers.
The group will be given the function of developing a cybersecurity infrastructure for medical devices based on existing cybersecurity frameworks, tips and best practices. The working group should also identify high priority flaws that need to rectified and for which new or revised standards are needed while also developing an action plan.
The final report will be submitted 18 months from the initial passing of the Internet of Medical Things Resilience Partnership Act.