Young, Rosen Introduce Bipartisan Legislation to Strengthen Cybersecurity for Medical Devices

WASHINGTON – U.S. Senators Todd Young (R-Ind.) and Jacky Rosen (D-Nev.) recently introduced their bipartisan Strengthening Cybersecurity for Medical Devices Act to require the U.S. Food and Drug Administration (FDA) to review and update medical device cybersecurity guidelines and suggestions to ensure devices are protected from possible hacking and cyber attacks. 

“Medical devices are increasingly connected to the Internet or other health care facility networks to provide features that improve the ability of health care providers to treat patients,” said Senator Young. “Our bill helps ensure medical devices are protected from cyberattacks and used safely and securely in order to reduce risks and vulnerabilities for patients.”

“In light of increased cyber threats, we must strengthen the security of our health care system’s cyber infrastructure,” said Senator Rosen. “This bipartisan bill I introduced with Senator Young will ensure that medical devices and technologies are up to date with the latest cybersecurity, protecting patients and health care systems.” 

The bipartisan Strengthening Cybersecurity for Medical Devices Act would require the FDA, in consultation with the Cybersecurity and Infrastructure Security Agency (CISA), to review guidance for industry and FDA staff regarding medical device cybersecurity and make updates as appropriate at least every two years. This provision would ensure a more timely review to keep the guidance current.

The bill also requires FDA to share information publicly regarding federal resources for health care professionals, medical device manufacturers, and health systems to identify and address cyber vulnerabilities, and access support. Additionally, the bill requires a GAO report examining medical device cybersecurity vulnerabilities and recommendations for improving federal coordination to support cybersecurity for medical devices.