OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Representatives Burgess and Craig Legislation to PATCH U.S. Health Care System's Cyber Infrastructure to Be Brought Up in Energy and Commerce

Press Release

Date: March 29, 2022
Location: Washington, DC
Issues: Technology and Communication Health and Health Care

Congressman Michael C. Burgess, M.D. (R-TX), Congresswoman Angie Craig (D-MN), introduced the PATCH Act - Protecting and Transforming Cyber Health Care - to ensure that the U.S. health care system's cyber infrastructure remains safe and secure for American patients. It will be brought up tomorrow during the Energy and Commerce Subcommittee on Health hearing on the Medical Device User Fee Agreement.

Over the course of the pandemic, there have been an incredible number of ransomware attacks within medical devices and larger networks. These attacks effect hospitals, the medical device industry, and most importantly American patients. It is critical that Congress examines how to modernize safety protocols to protect the U.S. health care system infrastructure and bring an end to these attacks.

"The U.S. health care system is and will always remain to be a critical infrastructure," said Congressman Burgess. "We must take action and necessary steps to ensure that it remains cyber secure. Throughout the pandemic, there was spike in ransomware attacks within medical devices and larger networks. These attacks affect hospitals, the medical device industry, and most importantly American patients. This legislation will implement cybersecurity protocols and procedures for manufacturers applying for premarket approval through the Food and Drug Administration to ensure that users are properly equipped to deal with foreign or domestic ransomware attacks. It is time to examine how to modernize and protect our health care infrastructure. I'd like to thank Congresswoman Craig for joining me in this important initiative and the stakeholders involved in the process and making of this critical legislation."

"Over the past several years, bad actors have increasingly relied on cybersecurity vulnerabilities to take advantage of unsuspecting individuals and undermine our national security. That trend is especially alarming when it comes to personal medical devices, which can be exploited by cybercriminals -- threatening the health and wellbeing of countless Americans," said Congresswoman Craig. "I'm proud to join Representative Burgess in this effort to bolster security in the medical device industry and defend American patients from ransomware and other attacks."

This legislation will:

* Implement critical cybersecurity requirements for manufacturers applying for premarket approval through the FDA.
* Allow for the manufacturer to design, develop, and maintain processes and procedures to update and patch the device and related systems throughout the lifecycle of the device.
* Establish a Software Bill of Materials for the device that will be provided to users.
* Require the development of a plan to monitor, identify, and address post market cybersecurity vulnerabilities.
* Request a Coordinated Vulnerability Disclosure to demonstrate safety and effectiveness of a device.


Source
arrow_upward