Cybersecurity

An FDA official on Tuesday (Jan. 29) told a group of stakeholders that legacy medical devices remain an “intractable challenge” for promoting cybersecurity in the medical device space, a view also held by agency chief Scott Gottlieb who, on the same day, stated that one of FDA’s most critical challenges lies in addressing safety risks posed by the devices.

HHS and the healthcare industry issued cybersecurity “best practices” that focus on baseline measures such as protecting emails, limiting system access and developing incident response plans -- based on a pre-testing process intended to assess the effectiveness of the security guidelines.

The American Hospital Association and a wide range of health care stakeholders urged congressional leaders to pass a key health security bill before the end of the lame-duck session, arguing that, without reauthorization from lawmakers, essential HHS emergency preparedness authorities will expire and gaps in federal response programs will remain unfilled.

HHS has rebranded its cybersecurity center to distinguish it in the department's efforts to defend the health care sector's information technology infrastructure, an HHS spokesperson told Inside Health Policy.

A key House health care committee suggested Tuesday that Congress bolster efforts by federal regulators to get medical device makers and other industries to ferret out cybersecurity vulnerabilities by offering a liability shield for independent cybersecurity researchers when vulnerabilities are reported, and by helping to distinguish between hacking and good-faith efforts to discover security lags.

An array of stakeholders voiced their support for the cross-industry role laid out in a set of sweeping cybersecurity initiatives unveiled by FDA Commissioner Scott Gottlieb this week, including new cybersecurity information sharing agreements, a playbook for hospitals to prepare for cybersecurity breaches and plans for an updated agency guidance document.

The House on Tuesday (Sept. 25) passed its hazard preparedness reauthorization bill by voice vote.

A major hospital group says FDA needs to step up and mandate cybersecurity for medical devices, a move intended to address risks related to legacy products that can't be updated or adequately patched as Congress considers steps to protect patients from cyber attacks.

In an unusual show of bipartisanship, key lawmakers from the Senate and House sent a letter to HHS Secretary Alex Azar that castigates the department for failing to follow through on key provisions of the Cybersecurity Act of 2015, which tasked HHS with developing industry-based approaches to mitigating cyber attacks.