Opinion: STAT+: The PATCH Act’s approach to securing medical devices actually gives malicious actors a blueprint

The PATCH Act’s recently implemented approach to securing medical devices actually gives malicious actors a blueprint.

Nov 7, 2023 - 18:00
Opinion: STAT+: The PATCH Act’s approach to securing medical devices actually gives malicious actors a blueprint

In August 2013, the FDA made news when it issued cybersecurity guidance for medical devices. But several years earlier, government officials recognized the risk: Soon after the FDA made its announcement, former Vice President Dick Cheney revealed in a “60 Minutes” interview that when his pacemaker was replaced in 2007, his doctors took precautions to make it hack-proof. “It seemed to me to be a bad idea for the vice president of the United States to have a device that maybe somebody … might be able to get into, hack into,” his cardiologist told “60 Minutes.” The fear inspired an episode of the popular TV show “Homeland” in which a fictional vice president succumbs to terrorists who seize control of his pacemaker.

Fast-forward to today. Starting in October, the PATCH Act (Protecting and Transforming Cyber Healthcare Act) empowers the Food and Drug Administration to enforce stricter cybersecurity measures for medical devices. This includes a requirement for manufacturers to create a software bill of materials, or SBOM, to help identify potential security vulnerabilities in the software.

An SBOM is a machine-readable list of device software components, including off-the-shelf software that isn’t necessarily designed for safety-critical environments. Many health care organizations believe the SBOM safeguards against device attacks that could jeopardize patient safety or disrupt an entire healthcare network.

Continue to STAT+ to read the full story…

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow