Recently U.S. Senators Bill Cassidy (R-LA) and Tammy Baldwin (D-WI) legislated the Adoption of the Protecting and Transforming Cyber Health Care (PATCH) Act. It aims to heighten healthcare devices’ security. Representatives Bill Cassidy (R-LA) and Tammy Baldwin (D-WI) provided attendant regulation in the House of Representatives.
Why the PATCH Act is Important?
For the last few years, specialists detected a lot of vulnerabilities in the healthcare devices’ security. Due to the situation with a pandemic, the number of cyberattacks on healthcare organizations and providers increased. Medical networks and devices suffered from ransomware attacks.
So, it became obvious that field standards and security rules along the supply chain are needed. As a great number of devices have legacy software, it is easier for cyber villains to attack them. They can change the functionality of medical devices, make them unserviceable, or be a kind of bridgehead for bigger cyberattacks in the field of medicine. That’s why the Adoption of The Protecting and Transforming Cyber Health Care (PATCH) Act was introduced to regulate the situation.
What are the Conditions of the PATCH Act?
The Food and Drug Administration (FDA) should accept and approve the device. But before this happens, producers have to make sure that they’ve complied with the crucial cybersecurity demands. The Protecting and Transforming Cyber Health Care (PATCH) Act also urges healthcare devices producers to develop and support processes and procedures for updating and fixing devices and related systems during their entire lifecycle. They also need to provide a range of software bill of materials (SBOM) for users, so that they can easily detect vulnerabilities that impact devices. These weak points include the vulnerability of open-source components and dependencies.
The PATCH act also demands the healthcare devices producers to make a plan of monitoring, detecting and eliminating cybersecurity weaknesses after devices enter the market. It requires agreed vulnerabilities disclosure as well. The uncovering aims to show the reliability and efficiency of a device.
What about the SBOM and Contracts?
The software bills of materials (SBOMs) are actually useful because they make the process of weak spot monitoring easier. Also, they manage license compliances and give a possibility for engineers to understand dependencies between software components. The U.S. Food and Drug Administration (FDA) published SBOM market recommendations. These guidelines pressed on producers according to the SBOM implementation. Albeit the healthcare sphere is the proponent of the SBOM adoption, the lack of transparency and communication slows the process.
As for the contracts, The Healthcare & Public Health Sector Coordinating Councils (HSCC) launched a standard contract language. It aims to provide medical devices security to healthcare organizations while signing contracts with healthcare devices producers. Permanent difficulties in healthcare organizations and producers of medical devices raised the need for a universal contract template. Those troubles concerned reliabilities, accountabilities, and different expectations about cybersecurity.
Additional Information
The Protecting and Transforming Cyber Health Care (PATCH) Act would extend rules of the production of healtcare devices and may help to soften the risks of attacks on them. Also, Senators Cassidy and Jacky Rosen (D-NV) presented the Healthcare Cybersecurity Act. It aims to strengthen cybersecurity in the healthcare sphere by establishing a partnership between the United States Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA).
Check our news portal to always stay on the top!
