The Protecting and Transforming Cyber Health Care (PATCH) Act Presented to Enhance Medical Device Cybersecurity

Two bipartisan senators have presented the Protecting and Transforming Cyber Health Care (PATCH) Act which aspires to strengthen the safety of medical devices.

Vulnerabilities are frequently found in medical devices that can possibly be used by threat actors to modify the efficiency of the devices, make them inoperable, or use the devices as a means for more comprehensive attacks on healthcare systems. Throughout the pandemic, there was a spike in cyberattacks on healthcare companies, and medical devices, and the systems to which they link up were impacted by ransomware attacks. These cyberattacks have impacted patients, hospitals, and the medical device market.

U.S. Senators Tammy Baldwin (D-WI) and Bill Cassidy, M.D. (R-LA) unveiled the PATCH Act to make sure that the cyberinfrastructure of the American healthcare system stays safe and protected. The PATCH Act will revise the Federal Food, Drug, and Cosmetic Act to call for all premarket submissions for medical devices to have information on the cybersecurity features that were applied.

If approved, the Food and Drug Administration (FDA) can only allow a medical device for use once the manufacturers make sure that critical cybersecurity specifications were integrated. The PATCH Act additionally requires companies of medical devices to design, create, and keep processes and procedures to update and patch the units and associated systems all through the lifecycle of the unit. A Software Bill of Materials for every device should likewise be given to end consumers which will make it less difficult to discover vulnerabilities that have an effect on the devices, such as vulnerabilities in open source parts and dependencies.

The Patch Act additionally calls for medical device producers to establish a plan for tracking, identifying, and dealing with post-market cybersecurity issues, and a Coordinated Vulnerability Disclosure will be necessary to show the safety and performance of a device.

New medical technologies offer great potential to enhance the health and quality of life, stated Dr. Cassidy. If Americans are unable to depend on the protection of their personal data, this potential won’t be achieved.

With the PATCH Act, modern medical technologies are better secured from cyber threats and personal health information is safe while seeking new ways to enhance care at the same time.

Reps. Michael C. Burgess (R-TX) and Angie Craig (D-MN) presented a companion bill in the House of Representatives.