Michigan lawmaker advocates for proactive approach to medical device cybersecurity

With cyberattacks increasingly targeting healthcare organizations, a Michigan congressman is touting a new bill that would create a cybersecurity framework for medical device manufacturers.

Earlier this month, Rep. Dave Trott, R-Mich., and Rep. Susan Brooks, R-Ind., introduced the Medical Things Resilience Partnership Act, which calls on the Food and Drug Administration to oversee a working group of government and industry officials to develop voluntary frameworks and guidelines for device security. The bill got support from the Advanced Medical Technology Association (AdvaMed).

This week, in an op-ed for The Hill, Trott pushed for a more proactive approach to ensuring the safety and security of connected medical devices through industry guidelines. 

“The interoperability of these devices is critical in helping doctors monitor patients and detect problems with implanted devices,” Trott wrote. “However, the ability for these technologies to adapt through internet connectivity—their greatest strength—is also their greatest vulnerability.”

The legislation’s voluntary approach contrasts with another bill introduced in the Senate that would require manufacturers to undergo cybersecurity testing and create a “cyber report card” to boost transparency among medical device developers. That bill garnered support from the College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS).

The two bills highlight a growing tension over how to address these concerns. Private sector leaders, including Robert Ford, Abbott’s executive vice president of medical devices, have advocated for an industry-led approach to cybersecurity standards. At the same time, manufacturers are increasingly concerned that hackers will target their device software, and industry trade groups have said cybersecurity has gone from “general understanding” to “extreme awareness” over the last several years.